Mail basics


- MTA - Mail Transfer Agent
  Programs under Unix/Linux: Postfix, Sendmail, qmail, exim, smail


- MDA - Mail Delivery Agent, or LDA - Local Delivery Agent
  Programs under Unix/Linux: mail, procmail, local (Postfix), qmail-local


- MUA - Mail User Agent
  MUAs under Unix/Linux: mail, pine, mutt, kmail (KDE), balsa (GNOME),
  evolution (GNOME)


mail:


mail is the simplest mail program under Linux for sending or receiving mail.
Even if only for testing purposes, it is worth knowing this program a little.


- Sending mail:
mail pierre@localhost
Subject: einfacher test
Das ist mein erstes Mail mit mail
(end the body with Ctrl-D; mail then prints EOT)
EOT


- Reading mail:
mail
Mail version 8.1 6/6/93. Type ? for help.
"/var/mail/pierre": 1 message 1 new
>N 1 pierre@globeall.de Fri Mar 29 21:00 13/468 "einfacher test"
& 1            (reads message number 1, the first message)

Message 1:
From pierre@globeall.de Fri Mar 29 21:00:59 2002
Delivered-To: pierre@localhost.linux.local
To: pierre@localhost.linux.local
Subject: einfacher test
Date: Fri, 29 Mar 2002 21:00:58 +0100 (CET)
From: pierre@globeall.de (Pierre Burri)

Das ist mein erstes Mail mit mail
& d            (deletes the current message)
& q            (quits mail)


Messages that have been read are automatically moved to $HOME/mbox.


MUAs under Windows: Eudora, Outlook Express, MS Outlook,
Netscape Composer


- UCE - Unsolicited Commercial Email (spam)


UCE, often simply called spam, stands for "unsolicited commercial bulk
e-mail". UCEs are mostly advertising mails with dubious content (get rich
quick, porn offers, illegal information, etc.) that are sent to as many e-mail
addresses as possible. UCEs cost the sender almost nothing, are a nuisance and
an abuse of the Internet. Fortunately it is now possible to configure an MTA
against UCEs and to protect it.
Structure of an e-mail: RFC 822 header


RFC 822 header:

Received:
Return-Path:
Reply-To:
From:
Date:
To:


Message body


Received:
Identifies the original sender and all mail servers that have forwarded the
mail. There can therefore be several of these fields.


Return-Path:
Identifies the route that was taken to forward the mail to the last mail
server. Usually the sender's e-mail address is found here.


Reply-To:
E-mail address of the sender, or the e-mail address to which replies should
be sent.


From:
Author of the e-mail, i.e. the author's e-mail address.


Date:
Date and time when the e-mail was sent to the first mail server.


To:
Recipient of the e-mail. This field is informational only: an SMTP server
only accepts recipients for which an RCPT command was given.


CC: and BCC:

Carbon Copy and Blind Carbon Copy. E-mail address of a recipient who is to
receive a copy of the e-mail. With BCC this is hidden from the main recipient.
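The header fields just described can be inspected with Python's standard email package. The following is an added example, not part of the course notes: it lists the Received: hops in transit order (each relay prepends its own line, so the header block shows the newest hop first), reports which of the From:, Date: and Message-ID: headers are absent, and flags a Reply-To: that points somewhere other than From:. The sample message, its hostnames and addresses are constructed for the demonstration.

```python
"""Inspect RFC 822 headers with the standard email package (added example)."""
from email import message_from_string
from email.utils import parseaddr

# Constructed sample message: two Received: lines (newest hop first),
# a Reply-To that differs from From, and no Message-ID header.
SAMPLE = """\
Return-Path: <pierre@globeall.example>
Received: from sun.example (sun.example [192.0.2.44])
\tby dozlinux.example (Postfix) with ESMTP id 963B071E
\tfor <pierre@dozlinux.example>; Fri, 29 Mar 2002 10:51:19 +0100 (CET)
Received: by sun.example (Postfix, from userid 0)
\tid 8D6081114; Fri, 29 Mar 2002 10:55:15 +0100 (CET)
From: pierre@globeall.example (Pierre Burri)
Reply-To: someone-else@example.net
To: pierre@dozlinux.example
Subject: header demo
Date: Fri, 29 Mar 2002 10:55:15 +0100 (CET)

body text
"""

REQUIRED = ("From", "Date", "Message-ID")


def received_hops(raw):
    """Return the Received: lines in transit order (origin first).

    Each relay prepends its own Received: header, so the header block lists
    the most recent hop first; reversing it gives the path the mail took.
    Folding whitespace is collapsed so each hop is a single line.
    """
    msg = message_from_string(raw)
    hops = msg.get_all("Received") or []
    return [" ".join(h.split()) for h in reversed(hops)]


def missing_headers(raw):
    """Required headers that are absent (the ones cleanup(8) would add)."""
    msg = message_from_string(raw)
    return [h for h in REQUIRED if msg.get(h) is None]


def reply_goes_elsewhere(raw):
    """True when Reply-To names a different mailbox than From.

    A mismatch is legitimate for mailing lists and role addresses, but it is
    also a common trait of forged mail, so it is worth surfacing in review.
    """
    msg = message_from_string(raw)
    sender = parseaddr(msg.get("From", ""))[1].lower()
    reply = parseaddr(msg.get("Reply-To", ""))[1].lower()
    return bool(reply) and reply != sender


if __name__ == "__main__":
    for i, hop in enumerate(received_hops(SAMPLE), 1):
        print(f"hop {i}: {hop}")
    print("missing:", missing_headers(SAMPLE))
    print("reply-to differs from from:", reply_goes_elsewhere(SAMPLE))
```

Only the topmost Received: line was written by a server you control; the lines below it were supplied by earlier relays and can say anything, which is why the hop order matters when tracing where a message really came from.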




Linux Course Topics - Mail Services - June 14, 2009


Mail services on the Internet


[Figure: mail flow between an ISP, the Internet and a local mail server.
Remote servers and the ISP exchange mail with the local mail server (MTA:
Postfix) over SMTP, port 25; the local MDA delivers into the /var/mail
mailboxes; the mail client fetches its mail via POP3 (port 110, qpopper) or
IMAP (port 143, imapd) into its own mailbox under $HOME/Mail and sends
outgoing mail to the server over SMTP, port 25.]


Michel Bisson
- Mail protocols


SMTP - Simple Mail Transfer Protocol (port 25)


SMTP commands: HELO, MAIL, RCPT, DATA, (SEND), (SOML), (SAML),
RSET, VRFY, (EXPN), (HELP), NOOP, QUIT, (TURN).
The commands in () are not implemented in Postfix.


Testing SMTP with telnet:


telnet servername 25
Trying 192.168.100.133...
Connected to 192.168.100.133.
Escape character is '^]'.
220 dozlinux.linux.local ESMTP Postfix

HELO laptop.linux.local
250 dozlinux.linux.local

MAIL From: me.linux.local
250 Ok

RCPT To: michel@dozlinux.linux.local
250 Ok

DATA
354 End data with <CR><LF>.<CR><LF>
Date: 01 Jan 2002 12:03:40
From: michel@laptop.linux.local
To: irmgard@dozlinux.linux.local
Subject: Hallo again!!

Hello Irmgard,

Bla bla bla, bis bald
.
250 Ok: queued as 0C5B32E9D

quit
221 Bye
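The session above only shows the happy path. The following added example (not part of the course notes and not Postfix code) models the server side of that exchange as a small state machine: it tracks whether HELO, MAIL and RCPT have been seen, answers with the reply codes shown above, refuses out-of-order commands with 503 (the behaviour of Postfix with smtpd_helo_required = yes for the HELO check), and applies RFC 821 dot-stuffing to the message body. The hostname and the generated queue id are constructed.

```python
"""Minimal SMTP command-sequence checker (added example, not Postfix code)."""


class SmtpSession:
    """Server-side state for one SMTP connection, without any networking."""

    def __init__(self, hostname="dozlinux.linux.local"):
        self.hostname = hostname
        self.helo = None          # set once HELO/EHLO has been seen
        self.sender = None        # envelope sender from MAIL
        self.recipients = []      # envelope recipients from RCPT
        self.in_data = False      # True between DATA and the terminating "."
        self.body = []
        self.queued = []          # (sender, recipients, body) per accepted message

    def greeting(self):
        return f"220 {self.hostname} ESMTP"

    def _reset(self):
        self.sender, self.recipients, self.body = None, [], []

    def feed(self, line):
        """Handle one client line; return the reply ('' while reading DATA)."""
        if self.in_data:
            if line == ".":
                self.in_data = False
                self.queued.append((self.sender, list(self.recipients), "\n".join(self.body)))
                self._reset()
                return f"250 Ok: queued as {len(self.queued):08X}"   # constructed queue id
            # dot-stuffing: a data line that begins with "." had one "." prepended
            self.body.append(line[1:] if line.startswith(".") else line)
            return ""
        verb, _, arg = line.partition(" ")
        verb = verb.upper()
        if verb in ("HELO", "EHLO"):
            self.helo = arg.strip()
            self._reset()
            return f"250 {self.hostname}"
        if verb == "MAIL":
            if self.helo is None:
                return "503 Error: send HELO/EHLO first"
            if self.sender is not None:
                return "503 Error: nested MAIL command"
            self.sender = arg.partition(":")[2].strip()
            return "250 Ok"
        if verb == "RCPT":
            if self.sender is None:
                return "503 Error: need MAIL command"
            self.recipients.append(arg.partition(":")[2].strip())
            return "250 Ok"
        if verb == "DATA":
            if not self.recipients:
                return "503 Error: need RCPT command"
            self.in_data = True
            return "354 End data with <CR><LF>.<CR><LF>"
        if verb == "RSET":
            self._reset()
            return "250 Ok"
        if verb == "NOOP":
            return "250 Ok"
        if verb == "QUIT":
            return "221 Bye"
        return "502 Error: command not implemented"


def run_dialogue(lines):
    """Drive a session with a list of client lines; return (session, replies)."""
    s = SmtpSession()
    replies = [s.greeting()]
    for line in lines:
        r = s.feed(line)
        if r:
            replies.append(r)
    return s, replies


if __name__ == "__main__":
    session, out = run_dialogue([
        "HELO laptop.linux.local",
        "MAIL From: <michel@laptop.linux.local>",
        "RCPT To: <irmgard@dozlinux.linux.local>",
        "DATA", "Subject: Hallo again!!", "", "Hello Irmgard,", ".",
        "QUIT",
    ])
    print("\n".join(out))
```

The 503 replies are the point: a server that accepted RCPT without a preceding MAIL, or DATA without any recipient, would have no envelope to deliver to, which is why the notes say a server only accepts recipients for which RCPT was given.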


ESMTP - Extended Simple Mail Transfer Protocol (port 25)


ESMTP is an extension of SMTP and allows more commands. Most mail servers
support both SMTP and ESMTP. ESMTP allows communication over the same
connection in both directions. This permits, for example, checking the mail
server that wants to send mail(s) through your own mail server. An ESMTP
session is started with the command EHLO hostname. Special commands of the
ESMTP protocol are, for example, ETRN domainname (Extended Turn), which allows
fetching mail from a mail server, and AUTH, which after authentication allows
special operations (e.g. mail relaying) to be carried out on the mail server.


POP3 - Post Office Protocol Version 3 (port 110)


POP3 is today the most widespread protocol for fetching mail from a server.
It is a very simple protocol.


Testing POP3 with telnet:
(the commands typed by the user are the lines that do not start with +OK)


telnet dozlinux.linux.local 110        (server program: ipop3d)
Trying 192.168.100.133
Connected to dozlinux.linux.local
Escape character is '^]'
+OK POP3 dozlinux.linux.local v2000.70 server ready
user Benutzername
+OK User name accepted, password please
pass Passwort
+OK Mailbox open, 2 messages

stat                    shows the number of messages in the mailbox and their
+OK 2 2019              size in bytes

list                    same as STAT, but listed separately
+OK Mailbox scan listing follows
1 653
2 674
3 692

top 1 1                 shows the header plus the first line of the first message
+OK Top of message follows
X-UIDL: +1b"1)&-"!&-)"I@:K!!
Return-Path: <root@globeall.de>
Delivered-To: pierre@dozlinux.linux.local
Received: from SUN.linux.local (sun.linux.local [192.168.100.44])
    by dozlinux.linux.local (Postfix on SuSE Linux 7.3 (i386)) with ESMTP id 963B071E
    for <pierre@dozlinux.linux.local>; Fri, 29 Mar 2002 10:51:19 +0100 (CET)
Received: by SUN.linux.local (Postfix, from userid 0)
    id 8D6081114; Fri, 29 Mar 2002 10:55:15 +0100 (CET)
To: pierre@dozlinux.linux.local
Subject: test pop3
Message-Id: <20020329095515.8D6081114@SUN.linux.local>
Date: Fri, 29 Mar 2002 10:55:15 +0100 (CET)
From: root@globeall.de (root)
Status: OK

bla bla bla (this is the first line)

retr 1                  shows the whole of message no. 1
+OK 653 octets
(the same as before, but with the complete message)

dele 1                  deletes message no. 1
+OK Message deleted

quit                    closes the connection to the server
+OK Sayonara
Connection closed by foreign host.
IMAP - Interactive Mail Access Protocol (port 143)


IMAP is less well known than POP3 but is becoming increasingly popular. The
latest version of the protocol is version 4 revision 1, also known as IMAP4rev1.

The main difference from POP3 is that the mails stay on the server. This is a
big advantage, because the mails can be read and managed from different places.


Testing IMAP with telnet:


telnet dozlinux.linux.local 143        (the server program is imapd)
Trying 192.168.100.133...
Connected to 192.168.100.133.
Escape character is '^]'.
* OK [CAPABILITY IMAP4 IMAP4REV1 STARTTLS LOGIN-REFERRALS AUTH=LOGIN]
dozlinux.linux.local IMAP4rev1 2000.287 at Fri, 29 Mar 2002 12:26:12
+0100 (CET)


Note: every command must begin with a so-called "tag" (identifier): a01, a02,
a03 and so on.


a01 capability                  shows the "capabilities" of the program
* CAPABILITY IMAP4 IMAP4REV1 STARTTLS NAMESPACE IDLE MAILBOX-REFERRALS
SCAN SORT THREAD=REFERENCES THREAD=ORDEREDSUBJECT MULTIAPPEND LOGIN-
REFERRALS AUTH=LOGIN
a01 OK CAPABILITY completed


a02 login pierre passwort
* CAPABILITY IMAP4 IMAP4REV1 STARTTLS NAMESPACE IDLE MAILBOX-REFERRALS
SCAN SORT THREAD=REFERENCES THREAD=ORDEREDSUBJECT MULTIAPPEND
a02 OK LOGIN completed


a04 select inbox                opens a mailbox
* 2 EXISTS
* 0 RECENT
* OK [UIDVALIDITY 1017395681] UID validity status
* OK [UIDNEXT 4] Predicted next UID
* FLAGS (\Answered \Flagged \Deleted \Draft \Seen)
* OK [PERMANENTFLAGS (\* \Answered \Flagged \Deleted \Draft \Seen)] Permanent flags
* OK [UNSEEN 1] first unseen message in /var/spool/mail/pierre
a04 OK [READ-WRITE] SELECT completed


a03 noop                        no operation. imapd shows what is in the mailbox
* 4 EXISTS                      (/var/mail/username). If mbox exists, the
* 1 RECENT                      mails are moved to mbox.
a03 OK NOOP completed


a05 FETCH 1 RFC822              shows the first mail
* 1 FETCH (RFC822 {2678}
Return-Path: <marty.volker@urz.uni-heidelberg.de>
Delivered-To: michel@localhost.linux.local
Received: from localhost (localhost [127.0.0.1])

 FLAGS (\Recent \Seen))
a05 OK FETCH completed


18 fetch 1 flags                shows the state of the first mail
* 1 FETCH (FLAGS (\Seen))
18 OK FETCH completed

a06 store 1 +flags (\deleted)   marks the mail for deletion (-flags = remove)
* 1 FETCH (FLAGS (\Seen \Deleted))
a06 OK STORE completed


a07 expunge
(untagged EXPUNGE, EXISTS and RECENT responses follow)
a07 OK Expunged 1 messages


a08 LOGOUT
* BYE dozlinux.linux.local IMAP4rev1 server terminating connection
a08 OK LOGOUT completed
Connection closed by foreign host.
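Two details of the IMAP dialogue above trip up hand-written clients: a command's result is made up of any number of untagged "* ..." lines followed by exactly one line starting with the command's tag, and a literal such as {2678} at the end of a line announces that many raw bytes of data, inside which line endings must not be interpreted. The following added example (not part of the course notes, not imapd code) collects the responses belonging to one tag, attaching literal data to its response line. The server output it parses is constructed.

```python
"""Collect the IMAP responses belonging to one tagged command (added example)."""
import re

LITERAL_RE = re.compile(r"\{(\d+)\}$")

# Constructed server output as a client would read it after sending
# "a04 select inbox" and "a05 fetch 1 rfc822" (hostnames and sizes made up).
SELECT_REPLY = (
    "* 2 EXISTS\r\n"
    "* 0 RECENT\r\n"
    "* OK [UNSEEN 1] first unseen message\r\n"
    "a04 OK [READ-WRITE] SELECT completed\r\n"
)
FETCH_REPLY = (
    "* 1 FETCH (RFC822 {24}\r\n"
    "Subject: hello\r\n\r\nbody\r\n"      # exactly 24 bytes of literal data
    " FLAGS (\\Seen))\r\n"                # the response line continues after it
    "a05 OK FETCH completed\r\n"
)


def collect(tag, raw):
    """Split server output into (untagged, status, text) for `tag`.

    untagged is the list of "* ..." responses (without the "* "), with any
    literal's bytes attached to the line that announced it; status is the
    OK/NO/BAD of the tagged completion and text the rest of that line.
    Raises ValueError on a reply for some other tag or a truncated stream.
    """
    untagged = []
    pos = 0
    while pos < len(raw):
        nl = raw.find("\r\n", pos)
        if nl < 0:
            break
        line = raw[pos:nl]
        pos = nl + 2
        m = LITERAL_RE.search(line)
        if m:                                   # literal: take n bytes verbatim
            n = int(m.group(1))
            line = line + "\r\n" + raw[pos:pos + n]
            pos += n
            nl = raw.find("\r\n", pos)          # rest of the same response line
            if nl < 0:
                break
            line += raw[pos:nl]
            pos = nl + 2
        if line.startswith(tag + " "):
            status, _, text = line[len(tag) + 1:].partition(" ")
            return untagged, status, text
        if line.startswith("* "):
            untagged.append(line[2:])
        else:
            raise ValueError("response for another tag: " + line)
    raise ValueError("stream ended without the tagged response for " + tag)


if __name__ == "__main__":
    print(collect("a04", SELECT_REPLY))
    print(collect("a05", FETCH_REPLY))
```

Because the completion line is identified by the tag and not by position, a client can send several commands and still pair each answer with its command; a parser that merely waited for the next "OK" would be confused by the "* OK [UNSEEN 1]" untagged line in the SELECT reply.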


- LMTP - Local Mail Transport Protocol


The advantage of LMTP over SMTP is that it can return several status replies
for one mail that has several recipients. After a mailing-list distribution the
sender then knows which recipients did or did not receive the mail. This
protocol can be used, for example, between an MTA and an MDA.


The LMTP commands are the same as for SMTP/ESMTP, but LHLO is used instead of
HELO or EHLO to open a session.


- Installation of Postfix
- Install the package postfix from the SuSE CD
- run the command newaliases
- edit the file /etc/postfix/main.cf
  add the network interfaces to serve under:
  inet_interfaces = 127.0.0.1 ::1 192.168.70.130
- restart postfix: rcpostfix restart


- Testing postfix locally


- use the mail program to send a mail to a local user
  mail username
  subject: test1 of postfix


  su - username
  mail
  Sent mail should be there
Testing postfix remotely


Make sure the DNS is configured properly with MX records for the destination domain:
[dest.domain] IN MX order mail.server.domain.
order = order of connection attempts to servers when there are multiple MX records


mail username@remote.host.domain (FQDN)
subject.....


on the remote host:


su - username
mail
Sent mail should be there


To resend stuck mail from the mail queue:
postfix flush
mailq (to check again if they are gone)


Postfix: one of many mail servers


Why Postfix?

The most widespread mail server in the Unix/Linux world is Sendmail. Since the
introduction of Sendmail, mail administrators have racked their brains over its
difficult configuration. Sendmail is an old design that runs as one single large
program, so sendmail is not very fast, and sendmail has had security holes in
the past, which were however always repaired very quickly. The properties just
mentioned are strong motivation to look for alternatives. By now there are many
alternatives to Sendmail (http://www.sendmail.org & .com):


Qmail           very fast, secure, flexible, own mailbox format.
                http://www.qmail.org

Postfix         fast, secure, 120% compatible with Sendmail.
                http://www.postfix.org

ZMailer         fast, secure, suitable for very heavy load.
                http://www.zmailer.org

Exim            small and easy to configure, good spam filters.
                http://www.exim.org

CommuniGate Pro commercial product (from $500), easy configuration via a
                browser, widespread in the Mac world.
                http://www.stalker.com/communigatepro


We chose Postfix because it has good references, is easy to configure, is
compatible with Sendmail and is available as an RPM (at least on SuSE). In
concrete terms this means that tests can be carried out quickly and positive
results obtained.
- Postfix information
- Literature: Postfix by Richard Blum, publisher: Sams (in English)
- Internet: http://www.postfix.org (a great deal of documentation)


- Additional documentation
- Amavis - A Mail Virus Scanner. http://www.amavis.org

Postfix architecture (page 35)

[Figure: block diagram of Postfix: incoming messages pass the access, virtual
and canonical lookup tables and move through the queues (incoming, active,
...) until delivery.]

- Mail processing sequence of events:
- Receiving e-mail
From a local user:


The local MUA of the local user uses sendmail to pass messages on to the
maildrop message queue: /var/spool/postfix/maildrop/codedmailname
Note: the local MUA mail also uses the sendmail program to process the mail.


The program postdrop is used automatically when the maildrop directory is not
world writable. This restricts write access to the directory to postdrop.
- The maildrop directory must be writable only by the group maildrop,
  and chmod 1730.
- postdrop must be set-GID and owned by postfix, group maildrop.


The message waits in the maildrop directory until the pickup program takes it
and forwards it to the cleanup program.

From a remote host:


The remote MUA communicates with the smtpd program using the SMTP protocol.
smtpd uses the access table to verify the access rights of the remote host.
smtpd then sends the message to the cleanup program.


Mail header format (RFC 822) checking and cleanup by the cleanup program.
The message header is checked for:

- Missing From:, Message-ID:, Date:
- Extracting To:, Cc:, Bcc: addresses
- Addresses to rewrite according to the canonical and virtual tables
- If the header is invalid, the message is thrown away into the corrupt
  message queue


FQDN address checking and rewriting:


If header addresses are not FQDNs, the program trivial-rewrite converts them to
FQDN:

- user@host        ----> user@host.domain
- host!user        ----> user@host.domain
- user%domain      ----> user@host.domain
- user@site.       ----> user@site

- The cleanup program then puts the message in the incoming message queue.
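The rewriting rules listed above can be reproduced in a few lines. The following is an added example, not Postfix's trivial-rewrite code: it applies the bang-path, percent, missing-domain and trailing-dot rules in sequence, using the parameters myorigin and mydomain in the roles Postfix's append_at_myorigin and append_dot_mydomain play (a dotless host gets mydomain appended, a bare user gets myorigin). The default domain names are constructed.

```python
"""Qualify addresses to FQDN form as the notes describe (added example)."""


def rewrite(addr, myorigin="laptop.linux.local", mydomain="linux.local"):
    """Return addr rewritten to user@fully.qualified.domain."""
    addr = addr.strip()
    if "@" not in addr and "!" in addr:          # host!user   -> user@host
        host, _, user = addr.rpartition("!")
        addr = f"{user}@{host}"
    if "@" not in addr and "%" in addr:          # user%domain -> user@domain
        user, _, domain = addr.rpartition("%")
        addr = f"{user}@{domain}"
    if "@" not in addr:                          # user        -> user@$myorigin
        addr = f"{addr}@{myorigin}"
    user, _, domain = addr.rpartition("@")
    if domain and "." not in domain:             # user@host   -> user@host.$mydomain
        domain = f"{domain}.{mydomain}"
    domain = domain.rstrip(".")                  # user@site.  -> user@site
    return f"{user}@{domain}"


def rewrite_list(header_value, **params):
    """Rewrite every address in a comma-separated header value (To:, Cc:, ...)."""
    return [rewrite(a, **params) for a in header_value.split(",") if a.strip()]


if __name__ == "__main__":
    for a in ("user@host", "host!user", "user%other.example", "user@site.", "michel"):
        print(f"{a:20} -> {rewrite(a)}")
```

The trailing-dot rule runs last on purpose: "user@site." still contains a dot when the append-mydomain rule is evaluated, so the dot acts as the writer's statement that the name is already complete, and only then is it stripped.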


They wait there for the qmgr program to process them.


Message processing and delivery


The program qmgr puts the message in the active message queue for
processing (study).


Message processing with the qmgr program


If the message destination is a local user, the local program delivers it to
the local user's mailbox. It checks the aliases table and the ~/.forward file
before delivery.

The message can also be handed to procmail (an external program) to deliver the
local message. The ~/.forward file is only for forwarding to other local users.


If the message destination is a remote server, the smtp program attempts to
deliver the message.

- Undeliverable messages are logged in the defer directory and put in the
  deferred message queue with a time stamp for the retry delay.
  They will be tried again later.

- Messages refused by the remote mail server are forwarded to the bounce
  program, processed (changed) and put in the bounce message queue.
  They will be sent back to the sender later by putting them in the
  incoming message queue.

- Messages with unrecognizable addresses are sent to the program
  trivial-rewrite, which converts them to FQDN before a sending attempt.


Messages for other mail systems on the same mail server are forwarded via the
pipe program, e.g. UUCP software.


Corrupted messages are saved in the corrupt message queue.
They will be cleaned up later.
- Postfix internal programs


master          Main Postfix daemon that controls the scheduling and the start
                and stop of the following internal programs of the Postfix mail
                system. It is located in: /usr/lib/postfix/master

bounce          Returns a bounced message to the sender and writes a log
                message in the bounce message queue. Bounced messages can
                happen because the local user doesn't exist or the remote mail
                server is not available.

cleanup         Processes incoming mail headers and places messages in the
                incoming queue.

error           Processes message delivery requests from the qmgr program,
                forcing messages to bounce.

local           Delivers messages destined for local users.

pickup          Waits for messages in the maildrop queue and sends them to the
                cleanup program to begin processing.

pipe            Forwards messages from qmgr to other non-Postfix programs.

postdrop        Moves a local incoming message to the maildrop queue when that
                queue directory (/var/spool/postfix/maildrop) is not world
                writable.

qmgr            Processes messages in the incoming queue, determining where
                and how they should be delivered, and spawns programs to
                deliver them. It manages the following queues:
                incoming, active, deferred, corrupt.
                It also keeps an eye on the bounce and defer message
                directories.

smtp            SMTP client that forwards messages to external mail servers.

smtpd           SMTP server that receives mail messages from external mail
                clients.

trivial-rewrite Receives messages from cleanup to ensure the header addresses
                are in standard format for the qmgr program. Also used by the
                qmgr program to resolve remote addresses.

showq           Reports Postfix mail queue status.

tlsmgr          Postfix TLS session cache and PRNG handling manager, for
                secure mailing using OpenSSL.

flush           Postfix fast flush server. This program expects to be run from
                the master(8) process manager; see man 8 flush for more info.
                Location of the "fast flush" logfiles: /var/spool/postfix/flush
- Postfix queues


maildrop        New messages waiting to be processed, received from local
                processes.

incoming        New messages waiting to be processed, received from remote
                hosts as well as processed messages from local users.

active          Messages that are ready to be delivered to the qmgr program.

defer           Log files of deferred mail messages.

deferred        Messages that have failed on an initial delivery attempt and
                are waiting for another attempt.

mail            Delivered messages stored for local users to read.


- Postfix tools


mailq                   shows the mails that are in the queue and have not yet
or sendmail -bp         been delivered or could not be delivered.

postfix flush           tries to send all mails that are in the queue.
or sendmail -q

postfix start           (or stop, reload, abort, flush, or check)

postconf -n             shows the parameters that have been changed.

postconf -m             shows which modules Postfix was compiled with.

newaliases aliasfile    creates a new aliases database

postalias               Queries the database for keywords and their values

postcat                 shows a mail from a queue in "human-readable form".

Example:
mailq
find /var/spool/postfix/deferred -name XXXXXXXXX
postcat /var/spool/postfix/deferred/x/y/XXXXXXXXX


postlog                 Allows logging a text line in the mail log file.
                        Acts like the logger program but only for mail.*
                        eg. postlog -i -p info -t title Message


postmap /etc/postfix/mapfile
                        Converts a text file to a database


postsuper               Deletes or requeues messages in queues.
                        Can only be executed by the superuser (root)
                        eg. postsuper -d ALL deferred
                        Deletes all messages of the deferred queue


postkick                Allows sending a request to the specified service
                        over a local Postfix transport channel from
                        external programs like shell scripts.


postlock                Locks a mail folder before executing a command


- Extra tools not included in Postfix:


procmail                Powerful local mail delivery agent
formail                 Re-formats/modifies mail headers
biff                    Announces when a mail has arrived


- Postfix lookup tables

Lookup table   used by program   Description
access         smtpd             Accept/reject incoming mail according to source addr
aliases        local             Redirect mail coming in for local recipients
canonical      cleanup           Local and non-local address mappings
relocated      qmgr              Info used to send a notice back to the sender for
                                 bounced messages
transport      trivial-rewrite   Mapping of destination domain to delivery methods
virtual        cleanup           Redirection of local and non-local recipients

- access       Maps remote SMTP hosts to an accept/deny table for security,
               according to sender name, domain, etc.


File syntax format: /etc/postfix/access (page 202)


roland@spamit.de               REJECT
sexygirl@broadband.sk.uk       554 No entrance permitted
marty@                         REJECT
linux.local                    554 Not permitted
217.224                        REJECT      (not working yet !!!)


Note: lines starting with at least one space are continuations of the previous line.
IMPORTANT: Do not use tabs, use spaces between parameters


Compile the table to a hash database:
postmap /etc/postfix/access


Declare the table in /etc/postfix/main.cf


smtpd_sender_restrictions = hash:/etc/postfix/access
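What an access table matches depends on which keys Postfix tries for a lookup, in order: for an address user@domain the full address, then the domain and its parent domains, then user@; for a client IP the full address, then the address with trailing octets removed. The following added example (not Postfix code) parses an access-style text table, including the continuation-line rule above, and performs lookups in that order. One caveat a practitioner should know: a bare table named in smtpd_sender_restrictions, as in the main.cf line above, is consulted for the envelope sender address (check_sender_access); client IP entries such as the 217.224 line are only consulted by check_client_access, which would explain the "not working yet" remark. The table below and its domains and addresses are constructed.

```python
"""Access-table lookup in Postfix's key order (added example, not Postfix code)."""

# Constructed table modelled on the /etc/postfix/access example in the notes.
ACCESS_TEXT = """\
roland@spamit.example        REJECT
spamit.example               OK
sexygirl@broadband.example   554 No entrance
                             permitted
marty@                       REJECT
linux.local                  554 Not permitted
198.51.100                   REJECT
"""


def parse_access(text):
    """Parse the text form: 'key action', continuation lines start with whitespace."""
    table, key = {}, None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0].isspace():               # continuation of the previous entry
            if key is not None:
                table[key] = table[key] + " " + raw.strip()
            continue
        parts = raw.split(None, 1)
        key = parts[0].lower()
        table[key] = parts[1].strip() if len(parts) > 1 else ""
    return table


def sender_keys(addr):
    """Keys tried for user@domain: full address, domain, parent domains, user@."""
    user, _, domain = addr.lower().rpartition("@")
    keys = [addr.lower()] if domain else []
    parts = domain.split(".") if domain else []
    for i in range(len(parts)):
        keys.append(".".join(parts[i:]))
    if user:
        keys.append(user + "@")
    return keys


def client_keys(ip):
    """Keys tried for an IPv4 client: full address, then fewer and fewer octets."""
    octets = ip.split(".")
    return [".".join(octets[:n]) for n in range(len(octets), 0, -1)]


def lookup(table, keys):
    """First matching key wins; (None, 'DUNNO') means no entry applies."""
    for k in keys:
        if k in table:
            return k, table[k]
    return None, "DUNNO"


if __name__ == "__main__":
    table = parse_access(ACCESS_TEXT)
    for addr in ("roland@spamit.example", "other@spamit.example",
                 "x@host.linux.local", "marty@anywhere.example"):
        print(addr, "->", lookup(table, sender_keys(addr)))
    print("198.51.100.7 ->", lookup(table, client_keys("198.51.100.7")))
```

The spamit.example pair shows why the order matters: the specific entry for roland@spamit.example is found before the domain-wide OK, so a whitelist for a domain does not override a block on one of its users.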


- aliases (page 205)   Maps alternative fictive local recipients to:

- local users' mailboxes
- remote e-mail addresses
- a local file
  in main.cf: allow_mail_to_files = yes
- a local program via unnamed pipes
  in main.cf: allow_mail_to_commands = yes
- multiple e-mail addresses via :include:/mailing/list/file


Other aliases main.cf entries:

- alias_database = hash:/text_filename    (creates a .db file database)
  or alias_database = dbm:/text_filename  (creates a .dbm file database)

Text format (compatible with sendmail aliases):

admin:   michel, michel@dozlinux.local, michel@mmbisson.com
admin2:  /tmp/vacation-mail.txt
test:    |/usr/bin/sendfax -n -d 5551212
savetxt: :include:/home/hans/mailing-list.txt


Compile the table to a hash database:
newaliases /etc/aliases


Declare the table in /etc/postfix/main.cf
alias_maps = hash:/etc/aliases
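The four target kinds in the aliases text above (mailbox, remote address, file, command, plus :include: lists) are what local(8) has to tell apart before delivery, and since an alias may name another alias it also has to stop on loops. The following added example (not Postfix code) parses that text format, classifies each target, expands nested aliases with cycle detection, and refuses file and command targets unless the corresponding main.cf switch is on, mirroring allow_mail_to_files and allow_mail_to_commands. The alias text and its names are constructed.

```python
"""Expand sendmail-style aliases with loop detection (added example)."""

# Constructed aliases text, modelled on the example in the notes.
ALIASES_TEXT = """\
admin:   michel, michel@dozlinux.example, michel@mmbisson.example
admin2:  /tmp/vacation-mail.txt
test:    |/usr/bin/sendfax -n -d 5551212
savetxt: :include:/home/hans/mailing-list.txt
loop1:   loop2
loop2:   loop1
"""


def parse_aliases(text):
    """Parse 'name: target, target, ...' lines into a dict of target lists."""
    aliases = {}
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        name, _, targets = line.partition(":")
        aliases[name.strip().lower()] = [t.strip() for t in targets.split(",") if t.strip()]
    return aliases


def classify(target):
    """Kind of delivery a target asks for."""
    if target.startswith(":include:"):
        return "include"
    if target.startswith("|"):
        return "command"
    if target.startswith("/"):
        return "file"
    if "@" in target:
        return "remote"
    return "local"


def expand(name, aliases, allow_files=False, allow_commands=False, _seen=None):
    """Return (deliveries, errors) for alias `name`.

    deliveries are (kind, target) leaves; a local target that is itself an
    alias is expanded recursively, and an alias that refers back to one
    already being expanded is reported as a loop instead of recursing forever.
    """
    seen = set() if _seen is None else _seen
    key = name.lower()
    if key in seen:
        return [], [f"alias loop at {key}"]
    if key not in aliases:
        return [("local", key)], []         # plain local user, no further expansion
    seen = seen | {key}
    deliveries, errors = [], []
    for target in aliases[key]:
        kind = classify(target)
        if kind == "local":
            sub_d, sub_e = expand(target, aliases, allow_files, allow_commands, seen)
            deliveries += sub_d
            errors += sub_e
        elif kind == "file" and not allow_files:
            errors.append(f"{key}: file delivery disabled (allow_mail_to_files)")
        elif kind == "command" and not allow_commands:
            errors.append(f"{key}: command delivery disabled (allow_mail_to_commands)")
        else:
            deliveries.append((kind, target))
    return deliveries, errors


if __name__ == "__main__":
    table = parse_aliases(ALIASES_TEXT)
    for alias in ("admin", "admin2", "test", "savetxt", "loop1"):
        print(alias, "->", expand(alias, table, allow_files=True))
```

Command and file targets are the ones to audit: anyone who can edit the aliases file can make the mail system run a program, which is why both kinds sit behind an explicit main.cf switch in this model.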


- recipient_canonical and sender_canonical (page 208)
Maps alternative mailboxes to real mailboxes by rewriting the headers of
messages being sent and received. Used by the cleanup program to rewrite
addresses in the mail header.
Good example:
In combination with aliases it allows the use of long names,
eg. michel.bisson@mymailserver.de to mean michel@mymailserver.de

That would involve writing the following:

in aliases ---------->  michel.bisson: michel
in sender_canonical ->  michel michel.bisson


eg. To exchange only the sender address of an email:
in sender_canonical:
farbey@linuxint.com joe.farbey@linuxint.com


Text format:

LocalUserName long.email.name
eg. michel michel.bisson

Compile the table to a hash database:
postmap /etc/postfix/sender_canonical
postmap /etc/postfix/recipient_canonical


Declare the table in /etc/postfix/main.cf
sender_canonical_maps = hash:/etc/postfix/sender_canonical
recipient_canonical_maps = hash:/etc/postfix/recipient_canonical


- relocated (page 209)   Maps no longer valid user mailboxes (for bounced
messages) to text inserted in the bounce messages. The inserted text can be
anything: new name, address, street, etc. The inserted text follows a fixed
message:

user has moved to <inserted text>
File format: michel   michel@newcompany.de Please change it.


Compile the table to a hash database:
postmap /etc/postfix/relocated


Declare the table in /etc/postfix/main.cf
relocated_maps = hash:/etc/postfix/relocated


- transport (page 212)   Maps domain names to delivery methods for remote
hosts' connectivity and delivery: local, uucp or smtp.
Can be used to specify a relay mail server which will forward to the
destination.


File format:
destination.domain    transport:[nexthop][:port]
laptop.linux.local    local:           (needed for the local server)
localhost.linux.local local:

company.de            smtp:viaserver.de:8025
mmbisson.de           smtp:
special.com           uucp:


Compile the table to a hash database:
postmap /etc/postfix/transport


Declare the table in /etc/postfix/main.cf
transport_maps = hash:/etc/postfix/transport
default_transport = smtp


- virtual (page 214)   Maps recipients and domains to local mailboxes for delivery
File format:

linuxint.org                  virtual
    considers all mail for linuxint.org as local mail
michel michel@mmbisson.com    michel@dozlinux.linux.local
    forwards mail destined for local michel to another address
martin@virtualmail.com        mary
    forwards all mail of martin to the local user mary
@linuxint.homelinux.com       pierre@sun.linux.local
    forwards all mail of one domain to a user in another domain
pierre@globeall.dyndns.org    michel@sun.linux.local
    forwards mail of one address to another address


- Compile the table to a hash database:
postmap /etc/postfix/virtual


- Declare the table in /etc/postfix/main.cf
virtual_maps = hash:/etc/postfix/virtual


Relaying mail.
Postfix will accept to relay mail if the following conditions are met:
- the mail's destination is a local mailbox
- the sender is a local user (a user logged in on the host where Postfix resides)
- the following directives in /etc/postfix/main.cf allow it, for example:
  mynetworks = 127.0.0.1, 10.1.1.0/24
  smtpd_recipient_restrictions =
      permit_mynetworks, reject_unauth_destination
In this example Postfix will relay mails that are sent from mail client programs
residing inside the local network (10.1.1.0/24) or on the localhost (127.0.0.1)
and reject all other mails.
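The restriction list above is evaluated left to right and the first permit or reject decides; reaching the end of the list means permit. The following added example (not Postfix code) models that evaluation for the two restrictions named in the notes, using mynetworks, mydestination and relay_domains values that are constructed, and includes the check a practitioner wants before exposing port 25: does an outside client get to relay to an outside domain? Mail submitted locally through the sendmail command goes via maildrop and pickup, not smtpd, so it is not subject to this list, which is the "sender is a local user" case above.

```python
"""Relay decision for permit_mynetworks / reject_unauth_destination (added example)."""
import ipaddress

# Constructed main.cf values, modelled on the example in the not notes.
CONFIG = {
    "mynetworks": ["127.0.0.1", "10.1.1.0/24"],
    "mydestination": ["dozlinux.linux.local", "localhost.linux.local"],
    "relay_domains": ["linuxint.example"],
}
DEFAULT_RESTRICTIONS = ["permit_mynetworks", "reject_unauth_destination"]


def in_mynetworks(client_ip, networks):
    """True if the client address lies inside one of the $mynetworks entries."""
    ip = ipaddress.ip_address(client_ip)
    return any(ip in ipaddress.ip_network(n, strict=False) for n in networks)


def is_our_destination(domain, mydestination, relay_domains):
    """True if we are the final destination or an authorised relay for domain."""
    d = domain.lower().rstrip(".")
    if d in (m.lower() for m in mydestination):
        return True
    # relay_domains matches subdomains as well (parent_domain_matches_subdomains)
    return any(d == r.lower() or d.endswith("." + r.lower()) for r in relay_domains)


def evaluate(restrictions, client_ip, recipient, cfg=CONFIG):
    """Walk the restriction list in order; the first permit or reject wins.

    Returns (action, reason). Falling off the end of the list is a permit,
    which is why a list without reject_unauth_destination is an open relay.
    """
    domain = recipient.rpartition("@")[2]
    for r in restrictions:
        if r == "permit_mynetworks" and in_mynetworks(client_ip, cfg["mynetworks"]):
            return "PERMIT", r
        if r == "reject_unauth_destination" and not is_our_destination(
                domain, cfg["mydestination"], cfg["relay_domains"]):
            return "REJECT", "554 Relay access denied (" + r + ")"
    return "PERMIT", "end of restriction list"


def open_relay_check(restrictions, cfg=CONFIG, probe_ip="203.0.113.9",
                     probe_rcpt="someone@elsewhere.example"):
    """Simulate an outside client sending to an outside domain; True if it gets through."""
    action, _ = evaluate(restrictions, probe_ip, probe_rcpt, cfg)
    return action == "PERMIT"


if __name__ == "__main__":
    for ip, rcpt in (("10.1.1.5", "x@anywhere.example"),
                     ("203.0.113.9", "x@anywhere.example"),
                     ("203.0.113.9", "x@dozlinux.linux.local"),
                     ("203.0.113.9", "x@mail.linuxint.example")):
        print(ip, rcpt, "->", evaluate(DEFAULT_RESTRICTIONS, ip, rcpt))
    print("open relay with default list:", open_relay_check(DEFAULT_RESTRICTIONS))
    print("open relay with permit_mynetworks only:", open_relay_check(["permit_mynetworks"]))
```

Running open_relay_check against the intended restriction list, and against the same list with reject_unauth_destination accidentally dropped, shows in one line why the order and completeness of that list are the whole anti-relay configuration.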


Postfix directories and files (for SuSE)


/etc/postfix/master.cf          Postfix daemon configuration for running the
                                core internal programs
/etc/postfix/main.cf            Configuration used by the core programs to
                                process messages.
/etc/aliases                    Text database file of local users' aliases
/etc/aliases.db                 Hash database file of local users' aliases


/etc/postfix/access
/etc/postfix/access.db
/etc/postfix/canonical
/etc/postfix/canonical.db
/etc/postfix/transport
/etc/postfix/transport.db
/etc/postfix/relocated
/etc/postfix/relocated.db
/etc/postfix/virtual
/etc/postfix/virtual.db
/etc/postfix/sender_canonical
/etc/postfix/sender_canonical.db
/etc/postfix/pcre_table


/var/spool/mail/*               Location of local users' mailboxes
/var/spool/postfix              Message queues of the Postfix mail system


/etc/postfix/postfix-script
/etc/postfix/postfix-script-nosgid
/etc/postfix/postfix-script-sgid
/etc/postfix/regexp_table


/etc/postfix/sample-aliases.cf  Examples of configurations of main.cf.
/etc/postfix/sample-auth.cf
/etc/postfix/sample-canonical.cf
/etc/postfix/sample-compatibility.cf
/etc/postfix/sample-debug.cf
/etc/postfix/sample-filter.cf
/etc/postfix/sample-flush.cf
/etc/postfix/sample-ldap.cf
/etc/postfix/sample-lmtp.cf
/etc/postfix/sample-local.cf
/etc/postfix/sample-misc.cf
/etc/postfix/sample-pcre.cf
/etc/postfix/sample-rate.cf
/etc/postfix/sample-regexp.cf
/etc/postfix/sample-relocated.cf
/etc/postfix/sample-resource.cf
/etc/postfix/sample-rewrite.cf
/etc/postfix/sample-smtp.cf
/etc/postfix/sample-smtpd.cf
/etc/postfix/sample-tls.cf
/etc/postfix/sample-transport.cf
/etc/postfix/sample-virtual.cf
/etc/permissions.d/postfix


/etc/init.d/postfix             SuSE script to start/stop the Postfix run level service
/sbin/rcpostfix                 SuSE symbolic link to the above /etc/init.d/postfix
/var/log/mail                   Log file for all mail transactions
/var/mail/                      Symbolic link to /var/spool/mail/


------------------- Postfix mail system core programs -------------------


Note: these programs are only started by the master daemon or other core programs
/usr/lib/postfix/bounce         Rewrites and bounces e-mails
/usr/lib/postfix/cleanup        Checks and rewrites message headers
/usr/lib/postfix/error          Handles problematic message delivery
/usr/lib/postfix/flush          Postfix fast flush server
/usr/lib/postfix/lmtp           Handles the LMTP protocol connections
/usr/lib/postfix/local          Delivers local e-mails into mailboxes
/usr/lib/postfix/master         Main daemon controlling the core programs
/usr/lib/postfix/pickup         Transfers mails from the maildrop message queue
                                to the cleanup program.
/usr/lib/postfix/pipe           Passes mails to external programs
/usr/lib/postfix/qmgr           Mail queue manager, before delivery
/usr/lib/postfix/showq          Informs programs about the message queues
/usr/lib/postfix/smtp           Sends mails to mail servers using the SMTP protocol
/usr/lib/postfix/smtpd          Receives mail from hosts using the SMTP protocol
/usr/lib/postfix/trivial-rewrite Rewrites headers to ensure FQDN
/usr/lib/postfix/spawn          Daemon that provides the Postfix equivalent of inetd
/usr/lib/postfix/tlsmgr         Manages TLS secure SMTP connections if used


-------------------------- Postfix tools --------------------------
/usr/bin/mailq                  Shows the current mail queue
/usr/bin/newaliases             Translates text (sendmail) aliases to databases
/usr/sbin/postalias             Queries and modifies the Postfix aliases database
                                eg. postalias -q mail /etc/aliases
/usr/sbin/postfix               Main Postfix program (controls master)
/usr/sbin/sendmail              Sendmail-like Postfix compatible interface
/usr/lib/sendmail               Symbolic link to the above /usr/sbin/sendmail
/usr/sbin/postcat               Displays the content of a message in a queue
/usr/sbin/postconf              Displays configuration entries in main.cf
/usr/sbin/postdrop              Program used to deposit messages in the
                                maildrop message queue if maildrop is not
                                world writable.
/usr/sbin/postkick              Allows sending a request to the specified service
                                over a local Postfix transport channel from
                                external programs like shell scripts.
/usr/sbin/postlock              Locks a mail folder before executing a command
/usr/sbin/postlog               Allows logging a text line in the mail log file.
                                Acts like the logger program but only for mail.*
                                eg. postlog -i -p info -t title Message
/usr/sbin/postmap               Converts text lookup tables to databases (xx.db)
/usr/sbin/postsuper             Deletes or requeues messages in queues.
                                eg. postsuper -d ALL deferred
                                Deletes all messages of the deferred queue
                                eg.2 postsuper -d MailID
                                MailID = mail ID from the mailq command.


/usr/sbin/qshape [incoming|active|deferred|hold]
                                Displays the number of mails in a particular
                                queue: incoming, active, deferred or hold.
                                Under the title 'T' is the total for that queue.


/usr/sbin/smtp-sink             ???
/usr/sbin/smtp-source           ???
/var/adm/fillup-templates/rc.config.d.postfix   ???
/var/adm/fillup-templates/rc.config.postfix     ???

(SuSE) Postfix troubleshooting


- The "influence" of SuSE on Postfix can be switched off: with YaST, set the
  variable POSTFIX_CREATECF = no


- Attention! SuSE defines the Postfix parameters at the end of the file main.cf.


- SuSE 7.3 already released an update of postfix.rpm that was not entirely in
  order: postdrop no longer worked. The program /usr/sbin/postdrop should look
  like this:


-rwxr-sr-x 1 root maildrop 80523 Dec 12 10:22 /usr/sbin/postdrop


- The first time Postfix is started, it is worth looking at the log file
  /var/log/mail to check that everything comes up in order. It has happened
  that the aliases database (aliases.db) is somehow not readable. This problem
  is easily fixed by calling the newaliases command and restarting Postfix
  (rcpostfix reload). If another lookup table is not readable on the first
  start, the table can be rebuilt with postmap hash:/etc/postfix/Table. Postfix
  then has to be restarted again.


- Delete all mails in the queues:


find /var/spool/postfix/deferred -type f -exec rm {} \;
find /var/spool/postfix/defer -type f -exec rm {} \;


- MIME mail encoding: 
Example of a mail header including MIME 


sendmail michel@linux.local 
Subject: hallo in html 
Mime-Version: 1.0 
Content-type: text/html 

<Body><H1><Font color=red> 
hallo world 
</Font></H1></body> 
- Some Postfix parameters in main.cf 
myhostname Host name + domain of the machine on which Postfix runs. 


mydestination Host names and/or domains that Postfix regards as the final 
destination. List of domains that this mail system considers as local. 


myorigin Domain that is appended to the sender of the mail. Very 
practical with virtual domains or when Postfix runs on a 
machine that has no real Internet domain. 


defer_transports = smtp 


The mails are placed in the queue and are sent 
after the command postfix flush. 
This is practical for "dial up" connections. 

mail_name = string that Postfix emits when queried on 
port 25 (banner). 


inet_interfaces = 127.0.0.1 (plus the ethX IP addresses) 


Fetching mail automatically with fetchmail 


- fetchmail fetches mails via POP3 or IMAP and passes them on via SMTP to the 
local mail server (Postfix, qmail, Sendmail etc.). If there is no local mail 
server, fetchmail hands the mail to an MDA such as procmail. 


- Under SuSE the package fetchmail is on the SuSE CD. 


- Configuration files of fetchmail: 


/etc/fetchmailrc, or /root/.fetchmailrc. 

This file must be created with the permissions 600. 

Make sure that the user fetchmail has /bin/sh or /bin/bash 
as shell. 


Another configuration file under SuSE is: /etc/sysconfig/fetchmail 

e.g. the fetchmail interval settings and others are there. 

Example of the configuration file: /etc/fetchmailrc 

defaults protocol pop3 

set daemon 300 # sets the fetch interval to 300 sec (5 min) 

poll "pop.tiscalinet.de" 

user "john-Martin" with password "passwort" is john here; 
poll "mail.tiscali-dsl.de" protocol pop3 

user "benutzername" with password "passwort" is joe here; 


poll "post.strato.de" # Note: the usernames include domains at strato.de 


user "linux@globeall.de" with password "passwort" is 
pierre here; 


user "info@linuxint.de" with password "passwort" is 
michel here mda "/usr/sbin/sendmail -oem -f %F %T"; 


- To control (start/stop/status) the fetchmail daemon: 
Important: If you used fetchmailconf to configure it then copy 
/root/.fetchmailrc to /etc/fetchmailrc 
rcfetchmail { start | stop | restart | reload | status } 
/etc/init.d/fetchmail { start | stop | restart | reload | status } 


To insert fetchmail in default runlevel: 
insserv fetchmail 


Fetchmail can be inserted in /etc/ppp/ip-up.local: 
/etc/init.d/fetchmail start 


and in /etc/ppp/ip-down.local: 
/etc/init.d/fetchmail stop 


Of course fetchmail can also be run directly as a command: 


/usr/bin/fetchmail -d 120 -a -f /etc/fetchmailrc \ 
-L /var/log/fetchmail 


-d starts fetchmail as a daemon, polling every 120 sec 
-a fetches all mails, old and new 

-f configuration file of fetchmail 

-L logfile 

/usr/bin/fetchmail --quit (stops fetchmail) 


Documentation: 
A lot of documentation is available after installation in: 
/usr/share/doc/packages/fetchmail 


Fetchmailconf 
This program is a graphical interface that helps to configure fetchmail, to test 
it temporarily and to make it ready for permanent work. 


Installation: Package: fetchmailconf from SuSE CD 


Starting Fetchmailconf 
Since Fetchmailconf makes changes to the system's configuration, it must be 
started as root user to be allowed to save the changes. 

kdesu fetchmailconf 


Using Fetchmailconf: 
Click on the button 'Configure Fetchmail' to get to the configuration window 
Click on 'Novice Configuration' 


In the 2nd window: 
- Enter the interval (in minutes) between mail fetching events. 
- Enter the POP3 or IMAP server name and press <Enter> 


In the 3rd window: 
- Select the type of mail protocol to fetch the mail (eg. POP3) 
- Enter the remote username for Authentication on the remote server 
and press <Enter> 


In the 4th window: 
- Enter the user's password 
- (Optional) Enter the SSL configuration parameters. 
- Select the local username to where the fetched mails should be 
delivered. 
- Click on OK 


In the 3rd window: 
- Click on OK 


In the 2nd window: 
- Click on 'Save' 
- Click on yes to agree to overwrite the original configuration file. 
Configuration file /root/.fetchmailrc will be written. 


- On the 1st window: 
- Click on top 'Run Fetchmail' to test it first. 
Fetchmail will run, fetch the mailbox on the server and save it in 
the local user's mailbox. Check the new mail in the local mailbox: 
mail 


74_Mail_Services.sxw - 26 


Linux-Kurs Themen - Mail Services - June 14, 2009 Michel Bisson 


- Providing mail access via POP3 and IMAP 


The next step is to allow clients access to the mailboxes on the local 
mail server. 


For POP3 there are the package imap from BSD (daemon ipop3d) and qpopper (daemon = 
popper), which is maintained by Qualcomm. 


For IMAP the package imap is responsible as well (daemon imapd). 
All these daemons can be started via inetd: 
File /etc/inetd.conf: 


#pop3 stream tcp nowait root /usr/sbin/tcpd /usr/sbin/popper -s 
pop3 stream tcp nowait root /usr/sbin/tcpd /usr/sbin/ipop3d 
imap stream tcp nowait root /usr/sbin/tcpd /usr/sbin/imapd 


After a change in the file /etc/inetd.conf the daemon inetd must be 
restarted (rcinetd reload or killall -HUP inetd). 


Nothing more needs to be done. From a client, mails can now be fetched via 
POP3 or IMAP. The user name and password are those of the user account 
on the machine where the mail server runs. 


The IMAP server automatically picks up mail from each user's mailbox (/var/mail/user) 
when the user connects and transfers it to ~/mbox. It then reads the mbox and 
works on it. Reading, deleting and new mail are all handled in ~/mbox. 


IMPORTANT: POP3 passwords are NOT secure! 

If you install the program 'dsniff' and run the command: 

dsniff -m -i eth0 

and connect from kmail to a pop3 server, or someone connects to the local pop3 
server, then the name and password will be seen in the dsniff terminal!!! 
Solution: install the pop3s server that follows 


To check the POP3 mail on a remote host using mail: 
mail -f shows the local mbox's content of the current user; then issue the 
command: 
folder pop3://user@popmailserver.com 
Give the password and then issue the command: 
headers 
to see the list of mails currently waiting in the mailbox. 
POP3S (Secure pop3) Configuration 


Install the package 'imap' 


Run the commands: 

cd /etc/ssl/certs 

openssl req -new -x509 -nodes -out ipop3d.pem -keyout ipop3d.pem 
Answer the questions(can be anything) 


Edit the file /etc/xinetd.d/imap 
Under the section 'service pop3s': 
disable = no 


Run the command rcxinetd restart 


In the Mail client pop configuration, use SSL and Plain Login method. 
Enter the user login name and password. 
Secure SMTP with SASL (SuSE 9.2/10.x) 


- Installation: 
Install the following packages: 
cyrus-sasl, cyrus-sasl-crammd5, cyrus-sasl-digestmd5, 
cyrus-sasl-saslauthd, cyrus-sasl-plain 


- Postfix basic configuration: 
in /etc/postfix/main.cf 
Make sure that following 2 parameters are entered properly: 


inet_interfaces = 127.0.0.1 ::1 <HostIP> 
myhostname = <Hostname> 

eg. inet_interfaces = 127.0.0.1 ::1 192.168.100.70 
myhostname = laptop.linux.site 


- To activate sasl authentication do the following: 
in /etc/postfix/main.cf 


broken_sasl_auth_clients = yes 

smtpd_sasl_auth_enable = yes 

smtpd_sasl_application_name = smtpd 

smtpd_sasl_local_domain = $myhostname 

smtpd_recipient_restrictions = 
permit_mynetworks, 
permit_sasl_authenticated, 
reject 


- To use the /etc/sasldb2 database for passwords: 


- Make sure that the group postfix has read access to /etc/sasldb2 
chown root.postfix /etc/sasldb2 
chmod 640 /etc/sasldb2 


- In /usr/lib/sasl2/smtpd.conf: 


pwcheck_method: auxprop 
auxprop_plugin: sasldb 
mech_list: plain login 


- To create a new /etc/sasldb2 user: 


saslpasswd2 -c -u $(postconf -h myhostname) username 
eg. saslpasswd2 -c -u $(postconf -h myhostname) michel 


- To delete a user from /etc/sasldb2: 
saslpasswd2 -d username 


- To list the sasl users and their realms from /etc/sasldb2 password 
database: 


sasldblistusers2 


- To use the server's shadow password system via PAM: 
- Start the saslauthd Daemon: 
rcsaslauthd start 
insserv saslauthd (for permanent start at boot time) 


- In /usr/lib/sasl2/smtpd.conf: 
pwcheck_method: saslauthd 
mech_list: plain login cram-md5 


Or: 


- Using the sasl authentication method instead of PAM 
pwcheck_method: auxprop 
auxprop_plugin: sasldb 
mech_list: plain login cram-md5 


- To add new users to sasl authentication: 
mkdir /etc/empty 
useradd -mk /etc/empty -s /bin/false username 


- To test the sasl authentication locally: 
testsaslauthd -u username -p password 


- MAIL CLIENT configuration: 
- Port 25 
- Need authentication(Give name and password) 
- Encryption=NONE 
- Authentication=LOGIN 


- More info in: 
/usr/share/doc/packages/postfix/README_FILES/SASL_README 
- Forward and vacation functions 


The file ~/.forward 
will activate the forwarding of the user's mail to another local user. 
Just enter the local username of the user to which the mail should be forwarded. 
Protecting mail against viruses/spam with amavis-new (SuSE 9.2/9.3) 


1) INSTALLATION 
Install the following packages from SuSE 9.2/9.3 distribution Cds/DVD: 
- postfix 
- amavis-new 
- clamav 
- clamav-db(only if you don't update the virus signatures database from Internet) 
- antivir 
- antivir-avguard (on SuSE 10.1 ) 
- perl-spamassassin 
- spamassassin 


2) CONFIGURATION: 


AMAVIS 
- Edit the file /etc/amavisd.conf 
Adapt the following line (around line 18) to be the FQDN of the local host 
eg. $mydomain = 'laptop.linux.site'; 
Amavis will send an email to root user of this above host per refused mail. 
ANTIVIR 


- Edit the file: /etc/antivir.conf and change the email address for virus 
notification: eg. EmailTo root@laptop.linux.site 


- Make sure the dazuko kernel module is loaded at boot time: 
add dazuko to the MODULES_LOADED_ON_BOOT variable 

/etc/sysconfig/kernel before the capability module, e.g.: 
MODULES_LOADED_ON_BOOT="dazuko capability" 

(optional)You can manually prepare the system now for testing by doing: 
rmmod capability 
modprobe dazuko 
modprobe capability 


CLAMAV 
(Optional)Edit the configuration file: /etc/freshclam.conf 
It can be edited to change the frequency per day of the database updating: 
eg. Checks 12 (Default) 
(Updates the virus signatures database 12 times a day) 
Run the command freshclam if you're connected to the internet to get the latest 
virus signatures database. Later freshclam will be run automatically from clamav. 


SPAMASSASSIN 
Nothing to do. 


SOPHOS Virus scanner 
- Get the latest version of the Sophos(Linux on Intel using libc6 (glibc2.2) at: 
http://www.sophos.com/support/updates/sophos-anti-virus-non-windows.html 
- Unpack the Sophos tarball file in /usr/local/Sophos-Install 
- Do the following commands: 
cd /usr/local/Sophos-Install 
./install.sh 
- Uncomment the Sophos Virus scanner lines at the end of /etc/amavis.conf 
POSTFIX 
Use Yast to configure the use of Amavis Virus scanner (cross the appropriate box) 
or edit the file: /etc/postfix/master.cf and change the following first line from: 


smtp inet n - n - 2 smtpd 
to 
smtp inet n - n - 2 smtpd -o content_filter=smtp:[127.0.0.1]:10024 
and add the following line: 
localhost:10025 inet n - n - - smtpd -o content_filter= 
Starting sequence: 
Postfix Service: rcpostfix start 
AntiVir Daemon: rcavguard start 
ClamAV Daemon: rcclamd start 
Spamd Daemon: rcspamd start 
AmaVis Daemon: rcamavis start 


ClamAV DB Update: rcfreshclam start 


To make sure they all start at boot time: 
insserv postfix avguard clamd amavis freshclam spamd 


More INFO on Virus scanners 


- AMAVIS (TCP Port 10024) 
The Virus notification mail will be sent to the root user of this defined host. 
The virus mails will be quarantained into the directory defined by the following 


entry: $QUARANTINEDIR = '/var/spool/amavis/virusmails'; 
The working directory of Amavis is defined by the following entry: 

$MYHOME = '/var/spool/amavis'; 
Optional: 


Disabling all mails virus checks and banned names: 
To prevent Virus/Banned/SPAM names checks on ALL incoming mails then insert 


the following directives:(In SUSE you only need to uncomment the lines.) 
@bypass_virus_checks_maps = (1); 
@bypass_spam_checks_maps = (1); 


If you want to prevent Virus checks on mails for certain recipients, then here are 
some examples of filters(in /etc/amavis.conf) that do that. Note here that the 
virus and banned checks are separate to allow for finer filtering. 


Disabling all mails virus checks and banned names(for attached files) for the user 
michel for the domain linux.site and its subdomains. 


@bypass_virus_checks_acl = qw( michel@ .linux.site ); 
@bypass_banned_checks_acl = qw( michel@ .linux.site ); 


Disabling all mails virus checks and banned names(for attached files) for the 

domain linux.site but not for its subdomains. 
@bypass_virus_checks_acl = qw( linux.site ); 
@bypass_banned_checks_acl = qw( linux.site ); 


Sending all virus mails and banned mails to one recipient(virus administrator) 
for later checking. 
This feature involves a few steps: 
- Create the user infected in the system 
useradd infected ; passwd infected 
- Include the following directives in /etc/amavis.conf 




$virus_quarantine_to = 'infected@'; 
$banned_quarantine_to = 'infected@'; 
The user infected can now retrieve the infected mails like other mails and pick 
them up via the pop3 server. 


CLAMAV (TCP port 3310) 
Adapt the file: /etc/clamd.conf if needed. (normally not needed) 
Notification of virus check: 
The default is to send a syslog message as 'mail' facility message. 
Normally it would be seen in /var/log/mail log file. 
Its virus database directory is /var/lib/clamav 
Its working TCP port is: 3310 
Updating regularly ClamAV virus database: 
It is done by running the daemon freshclam with the command: 
rcfreshclam start 


ANTIVIR & AVGUARD 
Antivir is composed of 2 Virus Scanners: 
- Access scanner: antivir 
- System Virus Scanner: avguard 
- works by loading a kernel module called: dazuko 


ANTIVIR: 
Adapt the file: /etc/antivir.conf and /etc/avguard.conf if needed. 
(Normally not needed) Its working directory is: /usr/lib/Antivir 


AVGUARD: 
If you want to use AvGuard, you have to disable at least the selinux 
framework, using the kernel boot parameter "selinux=0" and "capability=0". 
NOTE: remember that by disabling these modules, you will have trouble running 
named and dhcpd servers which need the 'capability' module. 
Updating regularly the AntiVir Virus Database: 
- Create a cron job with the command: /usr/bin/antivir -q --update 
NOTE: The ANTIVIR license from SuSE doesn't allow for automatized updates. 
For more info read the file: 
/usr/share/doc/packages/antivir/README. SuSE 


SPAMASSASSIN 
[Optional] 


To make sure that spamassassin 'learns' further about what is spam or 
ham (good mail), do the following: 
- Create 2 spam user accounts in the mail server where spamassassin resides: 
useradd -g nogroup -s /bin/false spamadmin 
useradd -g nogroup -s /bin/false hamadmin 
- Make sure that the users in the network are forwarding: 
their non-tagged spam mails to spamadmin@server.site 
and their ***SPAM*** tagged good mails to hamadmin@server.site 
Note: Tagged mails are the ones that have already received the extra 
***SPAM*** tag in the Subject field. 


- Run the following script regularly: (cron job) 


#!/bin/bash 
# Move the mailboxes of the two training accounts aside, feed them to 
# sa-learn, then archive them so the same mails are not learned twice. 

mkdir -p /var/spool/spam /var/spool/oldspam /var/spool/ham /var/spool/oldham 

STAMP=$(date '+%Y.%m.%d-%H.%M.%S') 
mv /var/mail/spamadmin "/var/spool/spam/spam_$STAMP" 
mv /var/mail/hamadmin "/var/spool/ham/ham_$STAMP" 

sa-learn --spam /var/spool/spam 
sa-learn --ham /var/spool/ham 

mv /var/spool/ham/* /var/spool/oldham 
mv /var/spool/spam/* /var/spool/oldspam 


NOTE: Make sure that the number of Spams and Hams mails given to the learner 
program is around the same. Learning only from spams mails doesn't work and 
can lead to many false recognitions. 


- SOPHOS Virus scanner 


- Installing Sophos: 
- Install wget in the system.(needed for the auto update of virus database) 


- Get the latest tarball from: 
http://www.sophos.com/support/updates/sophos-anti-virus-non-windows.html 


- You need an EM Library name and password to download it. 
Make sure you get the right version for your installed glibc. 
Linux on Intel using libc6 (glibc2.2) for SuSE 9.3 
- Extract the file in a directory like /usr/local/Sophos-install 
- Run the script /usr/local/Sophos-install/install.sh 
- Just run these commands once after the installation to make sure that the 
directory /usr/local/ide is a symbolic link to the latest installed ide's. 
mv /usr/local/ide /usr/local/ide_1 
ln -s /usr/local/ide_1 /usr/local/ide 
- Uncomment the lines pertaining to Sophos in /etc/amavis.conf (almost 
at the very end of the file). Then restart amavis. The /var/log/mail 
should show that amavis recognized the virus Sophos virus scanner. 
Note: (Optional)To make sure that Sophos is seen as a primary virus 
scanner, move the Sophos lines from the backup scanners section: 
@av_scanners_backup = (..... 
to the primary scanners section: 
@av_scanners = (..... 


- A virus reporting program daemon (icheckd) is delivered with it. (optional) 
It receives virus reports from network clients sophos scanners and produces 
a report of viruses. To install and run it, run the script: 
install -i from the Sophos installation directory. 


- The main virus scanner is: sweep. It is normally used by Amavis. 


The scanner program sweep can also be used manually: 

sweep / (Scans the whole system for viruses) 
sweep /dir/to/my/file (Scans a file for viruses) 

many other ways to use sweep are documented on the web site. 


- The auto-update of the virus database is using a shell script and a perl script 
that are not part of the standard package. They are called: 


/etc/cron.daily/Sophos.autoupdate (shell script) 
/usr/local/bin/Sophos_autoupdate (perl script) 
Sophos. autoupdate is triggered daily by cron and it calls the perl script. 
Some parameters at the beginning of the perl script can be adjusted to 
match the current version of Sophos. It also needs the programs wget to be 
installed in the system. This script automatically retrieves the latest virus 
database from the Internet, http://www.sophos.com/downloads/ide/ 
saves it in a new directory (/usr/local/ and changes the symbolic link 
/usr/local/ide to point to this new directory. 

A large database of older viruses is also located in a fixed location in 
/usr/local/sav 


POSTFIX: 


To send the virus notifications to another user than root then modify the file: 
/etc/aliases as follows: 

root: michel 
and run the command: 

newaliases 


NOTE: Watch the /var/log/mail while loading the AmaVis Daemon. It will 
display the name of the virus scanners it automatically finds and use, as well as 
other important information on what AmaVis uses to scan the mails. 
- Blocking SPAM via Internet 'Black list' 
There are a few black lists servers on the Internet that can be used to block 
unwanted SPAM Mails. Postfix is already capable to use these blacklists. Here are 
the directives that need to be written in the main.cf configuration file of Postfix: 


smtpd_client_restrictions = 

reject_rbl_client dul.dnsbl.sorbs.net 
or 

reject_rbl_client sbl-xbl.spamhaus.org 
or 

reject_rbl_client list.dsbl.org, 


- Good example for mail filtering: 
smtpd_recipient_restrictions = 

check_recipient_access hash:/etc/postfix/spam_rec_addr, 
permit_mynetworks, 
permit_sasl_authenticated, 
reject_unauth_destination, 
reject_invalid_hostname, 
reject_non_fqdn_sender, 
reject_non_fqdn_recipient, 
reject_unknown_sender_domain, 
reject_unknown_recipient_domain, 
reject_rbl_client blackholes.easynet.nl, 
reject_rbl_client cbl.abuseat.org, 
reject_rbl_client proxies.blackholes.wirehub.net, 
reject_rbl_client dnsbl.njabl.org, 
reject_rbl_client list.dsbl.org, 
reject_rbl_client sbl-xbl.spamhaus.org, 
reject_rbl_client bl.spamcop.net, 
reject_rhsbl_client blackhole.securitysage.com, 
reject_rhsbl_sender blackhole.securitysage.com, 
permit 


smtpd_data_restrictions = 
reject_unauth_pipelining 


smtpd_sender_restrictions = 
permit_mynetworks, 
permit_sasl_authenticated, 
reject_unknown_sender_domain, 
reject_non_fqdn_sender, 
check_sender_access hash:/etc/postfix/spam_addr, 
permit 


The following one rejects mails from Yahoo 
# reject_rbl_client bl.spamcop.net, 


- Controlling access/relay of postfix 
Multiple directives in the main.cf file allow to restrict the postfix access. 
Here is a list of them and how they work: 


- The table below summarizes the purpose of each SMTP access restriction list. All 
lists use the exact same syntax; they differ only in the time of evaluation and in the 
effect of a REJECT or DEFER result. 


- Each restriction list is evaluated from left to right until some restriction produces a 
result of PERMIT, REJECT or DEFER (try again later). The end of the list is 
equivalent to a PERMIT result. By placing a PERMIT restriction before a REJECT 
restriction you can make exceptions for specific clients or users. This is called 
whitelisting; the last example below allows mail from local networks but 
otherwise rejects mail to arbitrary destinations. 
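The left-to-right evaluation described above, as an added example that is not Postfix code: a small simulator that walks a restriction list for one RCPT TO and reports which restriction decided. All main.cf values, the DNS stand-in KNOWN_DOMAINS and the access(5) table RECIPIENT_ACCESS are constructed for the example.

```python
"""Walk a Postfix restriction list the way smtpd does (added example, not Postfix code).

Constructed for the example: the networks and destinations, the DNS stand-in
KNOWN_DOMAINS and the access(5) table RECIPIENT_ACCESS.
"""
import ipaddress
from dataclasses import dataclass


@dataclass
class Session:
    """What smtpd knows about a client by the time it evaluates RCPT TO."""
    client_ip: str
    sender: str
    recipient: str
    sasl_authenticated: bool = False


# Constructed stand-ins for $mynetworks, $mydestination, $relay_domains and DNS.
MYNETWORKS = ["127.0.0.0/8", "192.168.100.0/24"]
MYDESTINATION = {"laptop.linux.site", "localhost"}
RELAY_DOMAINS = {"backup.example.net"}
KNOWN_DOMAINS = {"linux.site", "laptop.linux.site", "example.com", "backup.example.net"}
# Constructed access(5) table standing in for hash:/etc/postfix/spam_rec_addr.
RECIPIENT_ACCESS = {"spamtrap@laptop.linux.site": "REJECT", "partner.example": "OK"}


def _domain(address):
    return address.rsplit("@", 1)[-1].lower()


def _in_mynetworks(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in ipaddress.ip_network(net) for net in MYNETWORKS)


def _auth_destination(recipient):
    """True when we are final destination or relay host for the recipient and
    the address carries no sender-specified routing (user@elsewhere@domain)."""
    if recipient.count("@") != 1:
        return False
    dom = _domain(recipient)
    return dom in MYDESTINATION or any(
        dom == r or dom.endswith("." + r) for r in RELAY_DOMAINS)


def _access_lookup(table, address):
    """access(5) lookup order: full address, domain, parent domains, localpart@."""
    local, _, dom = address.lower().partition("@")
    labels = dom.split(".")
    keys = [address.lower()]
    keys += [".".join(labels[i:]) for i in range(len(labels))]
    keys.append(local + "@")
    for key in keys:
        if key in table:
            return {"OK": "PERMIT", "REJECT": "REJECT", "DUNNO": None}[table[key]]
    return None


# Each restriction answers PERMIT, REJECT, DEFER or None (no opinion, keep going).
RESTRICTIONS = {
    "permit": lambda s, arg: "PERMIT",
    "reject": lambda s, arg: "REJECT",
    "permit_mynetworks": lambda s, arg: "PERMIT" if _in_mynetworks(s.client_ip) else None,
    "permit_sasl_authenticated": lambda s, arg: "PERMIT" if s.sasl_authenticated else None,
    "reject_unauth_destination": lambda s, arg: None if _auth_destination(s.recipient) else "REJECT",
    "reject_non_fqdn_sender": lambda s, arg: None if s.sender == "" or "." in _domain(s.sender) else "REJECT",
    "reject_unknown_sender_domain": lambda s, arg: None if _domain(s.sender) in KNOWN_DOMAINS else "REJECT",
    "check_recipient_access": lambda s, arg: _access_lookup(RECIPIENT_ACCESS, s.recipient),
}


def evaluate(restriction_list, session):
    """Evaluate left to right; the first PERMIT/REJECT/DEFER wins.
    Reaching the end of the list is equivalent to PERMIT."""
    for entry in restriction_list:
        name, _, arg = entry.partition(" ")
        result = RESTRICTIONS[name](session, arg)
        if result is not None:
            return result, name
    return "PERMIT", "end-of-list"


if __name__ == "__main__":
    # Whitelisting: a LAN client may send anywhere, an outside client may not relay.
    rules = ["permit_mynetworks", "reject_unauth_destination"]
    print(evaluate(rules, Session("192.168.100.7", "michel@laptop.linux.site", "friend@example.com")))
    print(evaluate(rules, Session("203.0.113.9", "joe@example.com", "friend@example.com")))
```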


Restriction list name            Status    Effect of REJECT or DEFER result 
smtpd_client_restrictions        Optional  Reject all client commands 
smtpd_helo_restrictions          Optional  Reject HELO/EHLO information 
smtpd_sender_restrictions        Optional  Reject MAIL FROM information 
smtpd_recipient_restrictions     Required  Reject RCPT TO information 
smtpd_data_restrictions          Optional  Reject DATA command 
smtpd_end_of_data_restrictions   Optional  Reject END-OF-DATA command 
smtpd_etrn_restrictions          Optional  Reject ETRN command 
Examples: 


# Allow connections from trusted networks only. 
smtpd_client_restrictions = permit_mynetworks, reject 


# Don't talk to mail systems that don't know their own hostname. 
# With Postfix < 2.3, specify reject_unknown_hostname. 
smtpd_helo_restrictions = reject_unknown_helo_hostname 


# Don't accept mail from domains that don't exist. 
smtpd_sender_restrictions = reject_unknown_sender_domain 


# Block clients that speak too early. 
smtpd_data_restrictions = reject_unauth_pipelining 


# Enforce mail volume quota via policy service callouts. 
smtpd_end_of_data_restrictions = check_policy_service 
unix:private/policy 
# Whitelisting: local clients may specify any destination. Others may not. 
smtpd_recipient_restrictions = permit_mynetworks, 
reject_unauth_destination 


One powerful directive is the last one: smtpd_recipient_restrictions. 
It allows restricting the relaying of mails according to different rules. 


smtpd_recipient_restrictions (default: permit_mynetworks, reject_unauth_destination) 
The access restrictions that the Postfix SMTP server applies in the context of the RCPT 
TO command. 

By default, the Postfix SMTP server accepts: 


- Mail from clients whose IP address matches $mynetworks, or: 

- Mail to remote destinations that match $relay_domains, except for addresses that 
contain sender-specified routing (user@elsewhere@domain), or: 

- Mail to local destinations that match $inet_interfaces or $proxy_interfaces, 
$mydestination, $virtual_alias_domains, or $virtual_mailbox_domains. 


IMPORTANT: If you change this parameter setting, you must specify at least one of the 
following restrictions. Otherwise Postfix will refuse to receive mail: 
reject, defer, defer_if_permit, reject_unauth_destination 


Specify a list of restrictions, separated by commas and/or whitespace. Continue long lines 
by starting the next line with whitespace. Restrictions are applied in the order as specified; 
the first restriction that matches wins. 


The following restrictions are specific to the recipient address that is received with the 
RCPT TO command. 


check_recipient_access type:table 
Search the specified access(5) database for the resolved RCPT TO address, 
domain, parent domains, or localpart@, and execute the corresponding action. 
check_recipient_mx_access type:table 
Search the specified access(5) database for the MX hosts for the RCPT TO address, 
and execute the corresponding action. Note: a result of "OK" is not allowed for safety 
reasons. Instead, use DUNNO in order to exclude specific hosts from blacklists. This 
feature is available in Postfix 2.1 and later. 
check_recipient_ns_access type:table 
Search the specified access(5) database for the DNS servers for the RCPT TO 
address, and execute the corresponding action. Note: a result of "OK" is not allowed 
for safety reasons. Instead, use DUNNO in order to exclude specific hosts from 
blacklists. This feature is available in Postfix 2.1 and later. 
permit_auth_destination 
Permit the request when one of the following is true: 
Postfix is mail forwarder: the resolved RCPT TO address matches 
$relay_domains or a subdomain thereof, and the address contains no sender- 
specified routing (user@elsewhere@domain), 
Postfix is the final destination: the resolved RCPT TO address matches 
$mydestination, $inet_interfaces, $proxy_interfaces, $virtual_alias_domains, 
or $virtual_mailbox_domains, and the address contains no sender-specified 
routing (user@elsewhere@domain). 
permit_mx_backup 
Permit the request when the local mail system is MX host for the RCPT TO address. 
This includes the case that the local mail system is the final destination. However, the 
SMTP server will not forward mail with addresses that have sender-specified routing 
information (example: user@elsewhere@domain). Use the optional 
permit_mx_backup_networks parameter to require that the primary MX hosts match 
a list of network blocks. 
Note: prior to Postfix version 2.0, use of permit_mx_backup is not recommended; 
mail may be rejected in case of a temporary DNS lookup problem. 
reject_non_fqdn_recipient 
Reject the request when the RCPT TO address is not in fully-qualified domain form, 
as required by the RFC. 
The non_fqdn_reject_code parameter specifies the response code to rejected 
requests (default: 504). 
reject_rhsbl_recipient rbl_domain=d.d.d.d 
Reject the request when the RCPT TO domain is listed with the A record "d.d.d.d" 
under rbl_domain (Postfix version 2.1 and later only). If no "=d.d.d.d" is specified, 
reject the request when the reversed client network address is listed with any A 
record under rbl_domain. 
The maps_rbl_reject_code parameter specifies the response code for rejected 
requests (default: 554); the default_rbl_reply parameter specifies the default server 
reply; and the rbl_reply_maps parameter specifies tables with server replies indexed 
by rbI_domain. This feature is available in Postfix 2.0 and later. 
reject_unauth_destination 
Reject the request unless one of the following is true: 
Postfix is mail forwarder: the resolved RCPT TO address matches 
$relay_domains or a subdomain thereof, and contains no sender-specified 
routing (user@elsewhere@domain), 
Postfix is the final destination: the resolved RCPT TO address matches 
$mydestination, $inet_interfaces, $proxy_interfaces, $virtual_alias_domains, 
or $virtual_mailbox_domains, and contains no sender-specified routing 
(user@elsewhere@domain). 
The relay_domains_reject_code parameter specifies the response code for rejected 
requests (default: 554). 
reject_unknown_recipient_domain 
Reject the request when the RCPT TO address has no DNS A or MX record and 
Postfix is not final destination for the recipient address. 
The unknown_address_reject_code parameter specifies the response code for 
rejected requests (default: 450). The response is always 450 in case of a temporary 
DNS error. 
reject_unlisted_recipient (with Postfix 2.0: check_recipient_maps) 
Reject the request when the RCPT TO address is not listed in the list of valid 
recipients for its domain class. See the smtpd_reject_unlisted_recipient parameter 
description for details. This feature is available in Postfix 2.1 and later. 
reject_unverified_recipient 
Reject the request when mail to the RCPT TO address is known to bounce, or when 
the recipient address destination is not reachable. Address verification information is 
managed by the verify(8) server; see the ADDRESS_VERIFICATION_README file 
for details. 
The unverified_recipient_reject_code parameter specifies the response when an 
address is known to bounce (default: 450, change into 550 when you are confident 
that it is safe to do so). Postfix replies with 450 when an address probe failed due to 
a temporary problem. This feature is available in Postfix 2.1 and later. 


Other restrictions that are valid in this context: 
Generic restrictions that can be used in any SMTP command context, described 
under smtpd_client_restrictions. 


SMTP command specific restrictions described under smtpd_client_restrictions, 
smtpd_helo_restrictions and smtpd_sender_restrictions. 


Example: 
smtpd_recipient_restrictions = permit_mynetworks, reject_unauth_destination 
'Greylisting' antispam module for SuSE 9.x/10.x 


Description: The Greylisting AntiSpam module for Postfix will refuse all mails 
coming from mail servers the first time it receives them with an error code 450 that 
means "try later". Then it will accept the mails that are resent and put their server 
names into a list. The next time the same server sends mail, it will be accepted the 
first time. So spammers that don't use mail servers that resend mail are 
simply always refused. It also allows for a 'black list' of real mail servers that send 
spam and a 'white list' of servers that will be accepted the first time. 


There are multiple implementations of this technique: 


- The Perl based standard greylisting system, based on Perl 
modules and using MySQL/SQLite databases. It can be found at: 


http://projects.puremagic.com/greylisting/ 

- The 'C/C++' program using a MySQL database. It can be found at: 
http://www.gasmi.net/gld.html 

- The 'C/C++' program using DBI/MySQL databases. It can be found at: 
http://mimo.gn.apc.org/gps/ 

- The 'Python' program tumgreyspf using a database written directly on 
the local file system. It can be found at: 
http://www.tummy.com/Community/software/tumgreyspf/ 


Note: I have started to describe the standard Perl modules based system below but 
didn't finish it yet. The reason for that being that I'm not so experienced with Perl 
and was having trouble finding all the Perl modules appropriate to the current Perl 
version in SuSE 9.x/10.x. 


Greylisting/SPF check based on the tumgreyspf system. 


This system checks for bad SPF and does greylisting. 
Because of the dependence on Perl modules and external database systems of 
other greylisting systems I opted for the last in the above list: 

The 'Python' program tumgreyspf. 
This greylisting system also does SPF checking (address check of the sending server). 
It prevents many self-forged return addresses in SPAM. 
The SPF check verifies the validity of the sending server, which is seen in the header 
of the mail in the 'Return-Path' entry. 
Note: This system uses the local file system instead of the usual MySQL database 
for recording the greylist. It has advantages and disadvantages. 
Advantages: 


It doesn't rely on any external database, therefore less prone to breakdowns 


It uses the Python interpreter instead of Perl, therefore less dependant on 
extra modules. 


Disadvantages: 


The local file system is a less efficient database system as MySQL 


The greylists must be cleaned regularly to avoid overloading the local file 
system. 
Installation on SuSE 9.x/10.x 


Note: The web site also offers an RPM for installation. The difficulty here is that the 
standard paths used by the .tar.gz are different from the ones in the RPM file. 
I opted for the .tar.gz to be more flexible in case I want to install it on a Debian 
system as well. 


- Download the latest version of the system from: 
  http://www.tummy.com/Community/software/tumgreyspf/ 
- Copy the tarball (tumgreyspf-1.11.tar.gz) into the /usr/local directory. 

- Unpack the file and change directory to the newly unpacked directory: 
  cd /usr/local/ 
  tar xvzf tumgreyspf-1.11.tar.gz 
  cd tumgreyspf-1.11 


- Note: This system comes with a file called README. It provides useful 
  information about the system. To make sure it is adapted to the SuSE 
  environment, I created the following instructions, which I recommend to follow. 


- Run the following script (or execute all of its commands one by one): 

#!/bin/bash 
# Installs tumgreyspf from the unpacked tarball into the SuSE paths used on this page 
TGSPROG=/usr/local/lib/tumgreyspf 
TGSDATA=/var/local/lib/tumgreyspf 
TGSUSER=nobody 

# set up directories 
cd /usr/local/tumgreyspf-1.11/ || exit 1 
mkdir -p "$TGSPROG" "$TGSDATA"/config 
mkdir -p "$TGSDATA"/data 
cp __default__.dist "$TGSDATA"/config/__default__ 

# install programs 
cp tumgreyspf tumgreyspf-clean tumgreyspf-configtest "$TGSPROG" 
cp tumgreyspf-install tumgreyspf-stat tumgreyspfsupp.py "$TGSPROG" 
cp tumgreyspf.conf "$TGSDATA"/config/ 
ln -s "$TGSPROG"/tumgreyspf-stat /usr/sbin 

# change permissions and ownership: only the data directory belongs to the 
# unprivileged user the policy daemon runs as; the programs and the 
# configuration stay owned by root so that this user cannot modify them 
chown -R "$TGSUSER" "$TGSDATA" 
chown -R root "$TGSPROG" "$TGSDATA"/config 
chmod 700 "$TGSDATA"/data 
chmod -R 755 "$TGSDATA"/config 

# Prepare a cron job for the regular daily clean-up (IMPORTANT) 
echo "0 0 * * * $TGSUSER $TGSPROG/tumgreyspf-clean" \ 
    >/etc/cron.d/tumgreyspf 


- Edit the file /etc/postfix/master.cf and add the following 2 lines: 

tumgreyspf  unix  -       n       n       -       -       spawn 
  user=nobody argv=/usr/local/lib/tumgreyspf/tumgreyspf 
(IMPORTANT: the second line must start with whitespace; that is what marks it as 
a continuation of the first line.) 


- Edit the file /etc/postfix/main.cf and add the entry: 

check_policy_service unix:private/tumgreyspf 

right after "reject_unauth_destination,". 

Example: 

smtpd_recipient_restrictions = 
    permit_mynetworks, 
    reject_non_fqdn_hostname, 
    reject_invalid_hostname, 
    reject_unauth_destination, 
    check_policy_service unix:private/tumgreyspf 

(In main.cf a continuation line is marked by leading whitespace, not by a 
backslash.) 

WARNING: It's very important that you have "reject_unauth_destination," 
before the check_policy_service entry. If you don't, any "OK" answer from the 
policy service (for instance for a whitelisted sender) permits the recipient before 
the relay check is ever reached, and your system may be an open relay. Note also 
that when the policy daemon fails to answer, Postfix defers the mail with a 
temporary error rather than accepting it, so a broken daemon shows up as 
delayed mail, not as spam getting through. 

- In the same file (main.cf) also add the entry: 

tumgreyspf_time_limit = 3600 

(This is the spawn(8) time limit for the tumgreyspf service, i.e. the generic 
transport_time_limit parameter with the master.cf service name substituted. It 
bounds how long one tumgreyspf process may run for a connection; keep it as shown.) 


- Restart postfix with the command: 
rcpostfix restart 


Testing the greylisting 

There is an easy way to test the greylisting with the telnet utility, as follows: 
Note: 
In the example below, I initiate sending a mail from the host 
laptop.linux.site, as the user billy@laptop.linux.site, 
to the user michel on the destination mail server vsuse93b.linux.site. 
The greylisting system runs on the destination mail server. 
The lines I type in the terminal are the SMTP commands (helo, mail from, rcpt to, 
quit); the rest are answers from the server. 


telnet 192.168.100.40 25 
Trying 192.168.100.40... 
Connected to 192.168.100.40. 
Escape character is '^]'. 
220 vsuse93b.linux.site ESMTP Postfix 
helo laptop.linux.site 
250 vsuse93b.linux.site 
mail from: billy@laptop.linux.site 
250 Ok 
rcpt to: michel@vsuse93b.linux.site 
450 <michel@vsuse93b.linux.site>: Recipient address rejected: 
Service unavailable, greylisted. 

The mail was refused, but the error code 450 tells the sending server to try 
again later. 
After 10 minutes (the GREYLISTTIME of 600 seconds, see below) I try again: 


telnet 192.168.100.40 25 
Trying 192.168.100.40... 
Connected to 192.168.100.40. 
Escape character is '^]'. 
220 vsuse93b.linux.site ESMTP Postfix 
helo laptop.linux.site 
250 vsuse93b.linux.site 
mail from: billy@laptop.linux.site 
250 Ok 
rcpt to: michel@vsuse93b.linux.site 
250 Ok 
quit 
221 Bye 
Connection closed by foreign host. 

This time the mail was accepted, and mail from this server will be accepted from now 
on, unless no mail is received from it for a certain time. Then it will be refused at 
the first attempt again. 
This time limit is set in the default configuration file explained below by the entry: 
GREYLISTEXPIREDAYS = 10.0 


Configuring the Greylisting system 

This system comes with a default configuration that applies to all incoming mails and 
mail servers for greylisting. Extra individual configurations can also be made to override 
the defaults. Here are the entries of the default configuration file, located at 

/var/local/lib/tumgreyspf/config/__default__ 

and their meaning. 

Content of the default configuration file: 

# SPFSEEDONLY=1 will only check SPF. Should not be used for decisions. 
# In fact I'm not really sure what it is good for then. 
SPFSEEDONLY = 0 

# The amount of time (in seconds) the mail system will refuse a first-time 
# mail/mail server before it accepts any mail from this server afterwards. 
# In this case a server can retry sending the mail 10 minutes later and it will be accepted. 
GREYLISTTIME = 600 

# Which checks will be performed on all mails. Only the listed checks are performed. 
#   greylist   performs a check against the greylist 
#   spf        performs an SPF check on the envelope sender's domain 
#   blackhole  performs a blacklist check to refuse a specific mail based on the IP 
#              or the sender's address 
CHECKERS = greylist,spf,blackhole 

# Which per-item configurations are consulted (in addition to __default__) when checking 
OTHERCONFIGS = client_address,envelope_sender,envelope_recipient 

# The number of days after which, if no messages have come in from a server, 
# the greylist entry is dropped. That means the first attempt to send mail from 
# this server is blocked again. This value is used by the "tumgreyspf-clean" program, 
# normally run by a cron job. 
GREYLISTEXPIREDAYS = 10.0 
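The dialogue between Postfix and the policy service configured above is simple enough to show in full. The following Python is an added example, not tumgreyspf's own code: it implements the greylisting decision with the GREYLISTTIME and GREYLISTEXPIREDAYS values from the default file, speaks the Postfix policy protocol ("name=value" lines terminated by an empty line, answered by "action=..." and an empty line) and can be started from the master.cf spawn entry just like tumgreyspf. It keeps its state in memory rather than on the file system, keys entries on the triplet client IP / envelope sender / envelope recipient (the triplet tumgreyspf-stat prints per entry), and stands in for the per-client configuration files with a plain whitelist set; those three simplifications are assumptions of this example.

```python
"""Minimal Postfix policy-delegation service doing greylisting.

Added example, not tumgreyspf's own code. It uses the two parameters from the
__default__ file above, keeps its state in memory (tumgreyspf keeps it on the
file system) and keys entries on the triplet client IP / envelope sender /
envelope recipient, which is what tumgreyspf-stat prints per entry.
"""
import sys
import time

GREYLISTTIME = 600          # seconds a new triplet is deferred (page's default)
GREYLISTEXPIREDAYS = 10.0   # days an idle entry survives (page's default)


def parse_policy_request(text):
    """Parse one Postfix policy request: 'name=value' lines ended by an empty line."""
    attrs = {}
    for line in text.splitlines():
        if not line:
            break
        name, _, value = line.partition("=")
        attrs[name] = value
    return attrs


class Greylist:
    def __init__(self, greylist_time=GREYLISTTIME,
                 expire_days=GREYLISTEXPIREDAYS, clock=time.time):
        self.greylist_time = greylist_time
        self.expire_seconds = expire_days * 86400
        self.clock = clock              # injectable so the behaviour can be tested
        self.entries = {}               # triplet -> (first_seen, last_seen)
        self.whitelist = set()          # client IPs never greylisted (assumption:
                                        # stands in for the config-directory lookups)

    def check(self, client_address, sender, recipient):
        """Return the Postfix action for one RCPT TO (the text after 'action=')."""
        now = self.clock()
        if client_address in self.whitelist:
            return "dunno"
        key = (client_address, sender.lower(), recipient.lower())
        first_seen, _ = self.entries.get(key, (now, now))
        self.entries[key] = (first_seen, now)   # a retry must not reset first_seen
        if now - first_seen < self.greylist_time:
            # defer_if_permit: Postfix turns this into the 450 seen in the telnet
            # test unless a later restriction rejects the recipient anyway
            return "defer_if_permit Service unavailable, greylisted"
        return "dunno"                           # let the remaining restrictions decide

    def clean(self):
        """Drop entries idle longer than GREYLISTEXPIREDAYS (tumgreyspf-clean's job)."""
        now = self.clock()
        stale = [k for k, (_, last) in self.entries.items()
                 if now - last > self.expire_seconds]
        for k in stale:
            del self.entries[k]
        return len(stale)

    def handle(self, request_text):
        """Full request text in, full response text out."""
        a = parse_policy_request(request_text)
        action = self.check(a.get("client_address", ""), a.get("sender", ""),
                            a.get("recipient", ""))
        return "action=%s\n\n" % action


def serve_stdio(greylist, stdin=sys.stdin, stdout=sys.stdout):
    """spawn(8) mode, as in the master.cf entry above: Postfix connects the
    socket to the process's stdin/stdout and sends one request per RCPT TO."""
    pending = []
    for line in stdin:
        line = line.rstrip("\r\n")
        if line:
            pending.append(line)
            continue
        if pending:
            stdout.write(greylist.handle("\n".join(pending) + "\n\n"))
            stdout.flush()
            pending = []


if __name__ == "__main__":
    serve_stdio(Greylist())
```

The answer "dunno" (rather than "OK") is what keeps the warning above honest: the daemon never permits anything by itself, it only ever defers or hands the decision back to the restrictions that follow it.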


Creating whitelists 
(for servers that shouldn't be refused at the first attempt) 

We can 'whitelist' 4 types of information: 
- a single IP 
- a full subnet (e.g. 192.168.100.0/24) 
- a recipient address 
  (the envelope recipient from the SMTP dialogue, not the 'To:' header in the message) 
- a sender address 
  (the envelope sender from the SMTP dialogue, not the 'From:' header in the message) 


Whitelisting the IP of a remote mail server 

If a server doesn't respond well to the 'try again later' error 450 and doesn't 
resend later, then we need to enter its IP into a whitelist that lets it send mail 
without the first-time refusal. Whitelisting is done by creating a configuration file in 
a specific directory. Here is an example: 

If we want to always allow mail from the host with IP 213.56.156.23 but still check its 
SPF (CHECKERS=spf), we would create the file: 
/var/local/lib/tumgreyspf/config/client_address/213/56/156/23 

The file named '23' would contain the following lines: 

SPFSEEDONLY=0 
GREYLISTTIME=300 
CHECKERS=spf 
OTHERCONFIGS= 


Now that is a bit of work to do for each IP we want to 'whitelist'. So I've created the 
following small bash script that does the job. 
Syntax: 
whitelist-ip IPNumber 

e.g. 
whitelist-ip 213.56.156.23 

#!/bin/bash 
# Creates a whitelist entry for one IP in the tumgreyspf system 

# Setting some variables 
whitelistdir="/var/local/lib/tumgreyspf/config/client_address" 
IP=$1 
# Make sure we have one and only one parameter, the IP 
if [ "$#" -ne 1 ]; then 
    echo "ERROR: Wrong number of parameters" 
    echo "Syntax: whitelist-ip IPNumber" 
    exit 1 
fi 
# Make sure that the IP given has a valid syntax (four dotted numbers) 
if ! echo "$IP" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' ; then 
    echo "ERROR: Bad IP Syntax" 
    exit 2 
fi 
# Verify that all numbers in the IP are in the range 0-255 
IFS="." 
len=0 
for num in $IP ; do 
    let len++ 
    # Do not accept more than 4 numbers 
    if [ "$len" -gt 4 -a "$num" != "" ] ; then 
        echo "ERROR: No proper IP given." 
        exit 3 
    # Do not accept empty fields, e.g. 192..168.30 
    elif [ "$num" = "" ] ; then 
        echo "ERROR: Wrong IP format." 
        exit 5 
    # Do not accept numbers higher than 255 
    elif [ "$num" -gt 255 ] ; then 
        echo "ERROR: Wrong values in IP." 
        exit 4 
    fi 
done 
unset IFS 
# Extract the part of the IP that will be used as the directory name 
dirpart=$(echo "$IP" | cut -d. -f1,2,3 | tr "." "/") 
mkdir -p "$whitelistdir/$dirpart" 2>/dev/null 
configfilename=$(echo "$IP" | cut -d. -f4) 

# Now create the configuration file (whitelisting) for this IP 
echo "SPFSEEDONLY=0"    > "$whitelistdir/$dirpart/$configfilename" 
echo "GRE YLISTTIME=300" >> "$whitelistdir/$dirpart/$configfilename" 
echo "CHECKERS=spf"     >> "$whitelistdir/$dirpart/$configfilename" 
echo "OTHERCONFIGS="    >> "$whitelistdir/$dirpart/$configfilename" 


Whitelisting a subnet of a remote mail server 

A full subnet can be 'whitelisted' by creating a __default__ configuration file with the 
same content as the one for 'whitelisting' an IP, in the following manner: 

Example: If we want to 'whitelist' all hosts of the local subnet 192.168.100.0/24, then 
we would create the following __default__ file: 
/var/local/lib/tumgreyspf/config/client_address/192/168/100/__default__ 

In this case the SPF check does not need to be performed, since it is most likely our local 
network (CHECKERS=). 

This __default__ file would contain: 
SPFSEEDONLY=0 
GREYLISTTIME=300 
CHECKERS= 
OTHERCONFIGS= 


I've created the following small bash script that does the job. 
Syntax: 
whitelist-net PartialIPNumber 

e.g. 
whitelist-net 192.168.100 

#!/bin/bash 
# Creates a whitelist entry for all hosts of a /24 subnet in the tumgreyspf system 

# Setting some variables 
IP=$1 
whitelistdir="/var/local/lib/tumgreyspf/config/client_address" 
# Make sure we have one and only one parameter, the partial IP 
if [ "$#" -ne 1 ]; then 
    echo "ERROR: Wrong number of parameters" 
    echo "Syntax: whitelist-net PartialIPNumber" 
    exit 1 
fi 
# Make sure that the partial IP given has a valid syntax (three dotted numbers) 
if ! echo "$IP" | grep -Eq '^([0-9]{1,3}\.){2}[0-9]{1,3}$' ; then 
    echo "ERROR: Bad partial IP Syntax" 
    exit 2 
fi 
# Verify that all numbers in the IP are in the range 0-255 
IFS="." 
len=0 
for num in $IP ; do 
    let len++ 
    # Do not accept more than 3 numbers 
    if [ "$len" -gt 3 -a "$num" != "" ] ; then 
        echo "ERROR: No proper IP given." 
        exit 3 
    # Do not accept empty fields, e.g. 192..168 
    elif [ "$num" = "" ] ; then 
        echo "ERROR: Wrong IP format." 
        exit 5 
    # Do not accept numbers higher than 255 
    elif [ "$num" -gt 255 ] ; then 
        echo "ERROR: Wrong values in IP." 
        exit 4 
    fi 
done 
unset IFS 
# The whole partial IP is used as the directory name 
dirpart=$(echo "$IP" | tr "." "/") 
mkdir -p "$whitelistdir/$dirpart" 2>/dev/null 

# Now create the configuration file (whitelisting) for this network 
echo "SPFSEEDONLY=0"    > "$whitelistdir/$dirpart/__default__" 
echo "GREYLISTTIME=300" >> "$whitelistdir/$dirpart/__default__" 
echo "CHECKERS="        >> "$whitelistdir/$dirpart/__default__" 
echo "OTHERCONFIGS="    >> "$whitelistdir/$dirpart/__default__" 
Whitelisting a recipient's address 

If we want to always allow all incoming mail for a local user from the first attempt on, 
we would create a configuration file named after the user, with the same content as for 
IP whitelisting. Example: To always allow all incoming mail for the address 
martin@mydomain.com, we would create the file: 
/var/local/lib/tumgreyspf/config/envelope_recipient/mydomain.com/martin 

with the content: 
SPFSEEDONLY=0 
GREYLISTTIME=300 
CHECKERS=spf 
OTHERCONFIGS= 

I've created the following small bash script that does the job. 
Syntax: 
whitelist-recipient RecipientAddress 

e.g. 
whitelist-recipient martin@mydomain.com 

Whitelisting a recipient's address (whitelist-recipient) 

#!/bin/bash 
# Creates a whitelist entry for a recipient's address in the tumgreyspf system 

# Setting some variables 
addr=$1 
whitelistdir="/var/local/lib/tumgreyspf/config/envelope_recipient" 

# Make sure we have one and only one parameter, the recipient's address 
if [ "$#" -ne 1 ]; then 
    echo "ERROR: Wrong number of parameters" 
    echo "Syntax: whitelist-recipient RecipientAddress" 
    exit 1 
fi 
# Make sure that the recipient address has a valid email address format. 
# Only letters, digits, '.', '_', '+' and '-' are allowed in both parts: the address 
# becomes a path below $whitelistdir, so a '/' or '..' must not get through. 
if ! echo "$addr" | grep -Eq '^[A-Za-z0-9._+-]+@[A-Za-z0-9-]+(\.[A-Za-z0-9-]+)+$' ; then 
    echo "ERROR: Bad email address syntax" 
    exit 2 
fi 

# Extract the host part that will be used as the directory name 
dirpart=$(echo "$addr" | cut -d@ -f2) 
username=$(echo "$addr" | cut -d@ -f1) 
case "$username" in .|..) echo "ERROR: Bad local part"; exit 2;; esac 
mkdir -p "$whitelistdir/$dirpart" 2>/dev/null 

# Now create the configuration file (whitelisting) for this recipient 
echo "SPFSEEDONLY=0"    > "$whitelistdir/$dirpart/$username" 
echo "GREYLISTTIME=300" >> "$whitelistdir/$dirpart/$username" 
echo "CHECKERS=spf"     >> "$whitelistdir/$dirpart/$username" 
echo "OTHERCONFIGS="    >> "$whitelistdir/$dirpart/$username" 
Whitelisting a sender's address 

'Whitelisting' a sender's address works on the same principle as for a recipient's 
address, except that the subdirectory is envelope_sender instead of envelope_recipient. 
Keep in mind that the envelope sender is trivially forged by spammers, so a sender 
whitelist should be used sparingly; keeping CHECKERS=spf at least verifies that the 
sending server is allowed to use that sender's domain. 

Example: To always allow all incoming mail coming from the address 
eveline@jolie.com, we would create the file: 

/var/local/lib/tumgreyspf/config/envelope_sender/jolie.com/eveline 

with the content: 
SPFSEEDONLY=0 
GREYLISTTIME=300 
CHECKERS=spf 
OTHERCONFIGS= 


I've created the following small bash script that does the job. 
Syntax: whitelist-sender SenderAddress 
e.g. whitelist-sender eveline@jolie.com 

Whitelisting a sender's address (whitelist-sender) 

#!/bin/bash 
# Creates a whitelist entry for a sender's address in the tumgreyspf system 

# Setting some variables 
addr=$1 
whitelistdir="/var/local/lib/tumgreyspf/config/envelope_sender" 

# Make sure we have one and only one parameter, the sender's address 
if [ "$#" -ne 1 ]; then 
    echo "ERROR: Wrong number of parameters" 
    echo "Syntax: whitelist-sender SenderAddress" 
    exit 1 
fi 
# Make sure that the sender address has a valid email address format. 
# Only letters, digits, '.', '_', '+' and '-' are allowed in both parts: the address 
# becomes a path below $whitelistdir, so a '/' or '..' must not get through. 
if ! echo "$addr" | grep -Eq '^[A-Za-z0-9._+-]+@[A-Za-z0-9-]+(\.[A-Za-z0-9-]+)+$' ; then 
    echo "ERROR: Bad email address syntax" 
    exit 2 
fi 

# Extract the host part that will be used as the directory name 
dirpart=$(echo "$addr" | cut -d@ -f2) 

# create the directory 
mkdir -p "$whitelistdir/$dirpart" 2>/dev/null 

# Extract the username from the email address 
username=$(echo "$addr" | cut -d@ -f1) 
case "$username" in .|..) echo "ERROR: Bad local part"; exit 2;; esac 

# Now create the configuration file (whitelisting) for this user 
echo "SPFSEEDONLY=0"    > "$whitelistdir/$dirpart/$username" 
echo "GREYLISTTIME=300" >> "$whitelistdir/$dirpart/$username" 
echo "CHECKERS=spf"     >> "$whitelistdir/$dirpart/$username" 
echo "OTHERCONFIGS="    >> "$whitelistdir/$dirpart/$username" 
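The four whitelist scripts above (whitelist-ip, whitelist-net, whitelist-recipient and whitelist-sender) all do the same thing: turn an IP, network or address into a path below the config directory and write the same four lines there. The following Python is an added example, not part of tumgreyspf, that does all four in one tool and validates the input with the standard ipaddress module and a strict address syntax, so that an address such as "x@../../etc" cannot become a path outside the config tree. The CONFIG_ROOT path is the $TGSDATA/config directory from the installation script; the /24 restriction for networks follows from the one-__default__-file-per-third-octet layout the page describes.

```python
"""Create tumgreyspf whitelist configuration files.

Added example replacing the four bash scripts above with one tool (not part
of tumgreyspf). It builds the file path the page describes for each kind of
whitelist and writes the four configuration lines the page uses:
  client_address/A/B/C/D            one IP
  client_address/A/B/C/__default__  a /24 network
  envelope_recipient/domain/user    a recipient
  envelope_sender/domain/user       a sender
CONFIG_ROOT is the $TGSDATA/config path from the installation script.
"""
import ipaddress
import os
import re

CONFIG_ROOT = "/var/local/lib/tumgreyspf/config"
# Conservative syntax: the address is turned into a file path below CONFIG_ROOT,
# so '/' and '..' must never reach the path (the bash scripts accept them).
_LOCALPART = re.compile(r"^[A-Za-z0-9._+=-]+$")
_DOMAIN = re.compile(r"^[A-Za-z0-9-]+(\.[A-Za-z0-9-]+)+$")


def whitelist_path(kind, value):
    """Return the config file path, relative to the config root, for one entry.
    kind is 'ip', 'net', 'recipient' or 'sender'; ValueError on bad input."""
    if kind == "ip":
        ip = ipaddress.IPv4Address(value)          # rejects 300.1.1.1, 192..168.30, ...
        return "client_address/" + str(ip).replace(".", "/")
    if kind == "net":
        if "/" not in value:                       # the page's form: 192.168.100
            value += ".0/24"
        net = ipaddress.IPv4Network(value, strict=True)
        if net.prefixlen != 24:
            raise ValueError("only a /24 maps onto one __default__ file")
        a, b, c, _ = str(net.network_address).split(".")
        return "client_address/%s/%s/%s/__default__" % (a, b, c)
    if kind in ("recipient", "sender"):
        user, at, domain = value.partition("@")
        if (not at or user in (".", "..") or not _LOCALPART.match(user)
                or not _DOMAIN.match(domain)):
            raise ValueError("bad address: %r" % value)
        return "envelope_%s/%s/%s" % (kind, domain.lower(), user)
    raise ValueError("unknown whitelist kind: %r" % kind)


def whitelist_content(checkers=("spf",)):
    """The lines every whitelist file on this page contains; an empty checkers
    tuple gives CHECKERS= (no SPF check), as used for the local subnet."""
    return "SPFSEEDONLY=0\nGREYLISTTIME=300\nCHECKERS=%s\nOTHERCONFIGS=\n" % ",".join(checkers)


def write_whitelist(kind, value, checkers=("spf",), root=CONFIG_ROOT):
    """Create the file and its directories; returns the absolute path written."""
    path = os.path.join(root, whitelist_path(kind, value))
    os.makedirs(os.path.dirname(path), exist_ok=True)
    with open(path, "w") as f:
        f.write(whitelist_content(checkers))
    return path


if __name__ == "__main__":
    import sys
    # usage: whitelist.py ip 213.56.156.23 | net 192.168.100 | recipient a@b.c | sender a@b.c
    kind, value = sys.argv[1], sys.argv[2]
    print(write_whitelist(kind, value, checkers=() if kind == "net" else ("spf",)))
```

Run it as root, since the config directory is owned by root (the installation script makes it 755), and keep the whitelist files root-owned for the same reason as the programs: the unprivileged policy daemon should read them, not write them.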
Blacklisting IP addresses 

To allow for 'blackhole' checking, the word 'blackhole' MUST be in the list of checks 
in the main __default__ configuration file, e.g. 

CHECKERS=greylist,spf,blackhole 

e.g. Blacklisting the IP addresses 243.57.139.30 and 210.57.21.37: 
Create 2 empty files called: 

/var/lib/tumgreyspf/blackhole/ips/243.57.139.30 
/var/lib/tumgreyspf/blackhole/ips/210.57.21.37 

Blacklisting sender addresses 

The same condition applies: 'blackhole' must be in the CHECKERS list of the main 
__default__ configuration file. 

e.g. Blacklisting the sender addresses malware@blackmec.sk and joe@party.com: 
Create 2 empty files called: 

/var/lib/tumgreyspf/blackhole/addresses/malware@blackmec.sk 
/var/lib/tumgreyspf/blackhole/addresses/joe@party.com 

Note: the blackhole directory shown here is not below the $TGSDATA directory 
(/var/local/lib/tumgreyspf) used by the installation script. Check which blackhole 
directory is set in the tumgreyspf.conf you installed and create the files there. 

Getting a greylisting status 

A program provided with this system displays the status of the greylisting. It is 
called: 
/usr/sbin/tumgreyspf-stat 
This is a symbolic link to /usr/local/lib/tumgreyspf/tumgreyspf-stat. 

The status output has one entry per line (one entry per combination of sending IP, 
sender and recipient), and each line has the following format: 

IP=A SENDER=B RECIPIENT=C STARTS=D LAST=E EXPIRESIN=F G 

e.g. 

IP=84.23.136.61 SENDER=ddzm@rhi.com RECIPIENT=prod@bild.de STARTS=-30 LAST=569 EXPIRESIN=-864000 (Blocked,Pending) 

A = IP of the server sending the mail 
B = address of the sender 
C = address of the local recipient 
D = pending time (in seconds) left before the mail can be accepted (blocking period) 
E = elapsed time (in seconds) since the last attempt to send the mail from the 
    remote server 
F = period of time (in seconds) this entry stays registered. If no mail is received from 
    this server within this period, the entry is cleaned from the system. Any 
    new mail afterwards from this server is rejected at the first attempt and, after the 
    pending time is over, accepted again. 
G = status of the registration: 
    (Blocked,Pending) = the mail has been rejected and is waiting for its acceptance time 
    (Blocked) = the mail can now be accepted if resent from the server, but has not 
                been resent by the server yet 
    nothing = all mail sent from this server to this recipient will from now on be 
              accepted 
Perl based standard greylisting system (not finished yet) 
More information on this system can be found at: 

- Installation for working with MySQL: 
  Get from http://rpm.pbone.net and install the latest RPM versions of: 
  sqlgrey 
  rpm-helper ----> Just ignore the dependencies with SuSE 9.3; 
                   they are satisfied through other packages. 
  IO::Multiplex Perl module 

- Install the following packages from the SuSE 9.3 CD/DVD: 
  - mysql 
  - mysql-client 
  - perl-DBD-mysql (Perl module) 

- Create a group called sqlgrey. Command: groupadd sqlgrey 
- Create a user called sqlgrey. Command: useradd -g sqlgrey sqlgrey 
- Change the database type in /etc/sqlgrey/sqlgrey.conf: 

  db_type = mysql 
  db_name = sqlgrey 
  db_host = localhost 
  db_user = sqlgrey 
  db_pass = spaces_are_not_supported 
  db_cleandelay = 1800 

- Configure the rest of /etc/sqlgrey/sqlgrey.conf as desired, 
  e.g. email notifications of the server status: 
  admin_mail = michel@linuxint.com 

- Create a sqlgrey database in MySQL: 
  mysql -u root -p (then give the MySQL root password) 
  > CREATE DATABASE sqlgrey; 
  > GRANT ALL ON sqlgrey.* TO sqlgrey@localhost IDENTIFIED BY 'spaces_are_not_supported'; 
  > quit 
  (The password in the GRANT must be the db_pass set in sqlgrey.conf above; a GRANT 
  without IDENTIFIED BY creates the account with an empty password.) 

- In Postfix: 

  Add check_policy_service after reject_unauth_destination in 
  /etc/postfix/main.cf 

  e.g. 
  smtpd_recipient_restrictions = ..... 
      reject_unauth_destination, 
      check_policy_service inet:127.0.0.1:2501 

  This assumes sqlgrey listens on TCP port 2501 (the default) and runs 
  on the same host. 

- Starting sqlgrey 
  Note: sqlgrey version 1.6.0 installs an init script in /etc/rc.d/init.d. 
  It doesn't work in SuSE. You need to use the script on the next page 
  and save it in /etc/init.d/sqlgrey 
  To make sure it starts at boot time: insserv sqlgrey 
  sqlgrey should be started via this init script: /etc/init.d/sqlgrey 
  It writes its logs to the mail log (tail -f /var/log/mail). 


DNS helper programs 

host [-v] hostname          tries to resolve the hostname. 
                            -v = verbose; the output is then similar to 
                            that of dig. 
host hostname DNS-server    uses the given DNS server for the lookup. 
host IP-address             tries to resolve the IP address (reverse lookup). 
host -l domain              lists all hosts of a DNS domain. This is a zone 
                            transfer (AXFR) and only works if the server allows 
                            it for your address; a correctly secured server 
                            refuses it. 
host -t mx domain           shows the mail exchange servers of a domain. 
dig [@server] name [type]   dig, like host, resolves a hostname but gives more 
                            information (type = any, a, mx, ns etc.). 
dig sun.linux.local         tries to resolve sun.linux.local 
dig @dozlinux sun           tries to resolve sun via the DNS server dozlinux. 
dig linux.local any         shows all records of the name linux.local itself 
                            (SOA, NS, MX, ...), not every host in the domain. 
dig -x IP-address           tries to resolve an IP address (reverse lookup). 
Postfix basic exercises 


Michel Bisson 
1) access 

- Edit the /etc/postfix/access file and enter: 
  michel@bts02doz.linux.local REJECT 
- Run the commands: 
  postmap /etc/postfix/access 
  rcpostfix restart 
  (This assumes main.cf already consults the map, e.g. with 
  smtpd_sender_restrictions = check_sender_access hash:/etc/postfix/access; 
  without that, postmap alone changes nothing.) 
- Run tail -f /var/log/mail in a terminal on the server 
- Send a mail from michel@bts02doz.linux.local to root at the server 
- See the mail being rejected 

2) alias 

- Make sure there is an admin user on the local server 
- Modify /etc/aliases to include: 
  mailuser1: root 
  mailuser2: admin 
- Run the commands: 
  newaliases 
  rcpostfix restart 
- mail mailuser1 
- mail mailuser2 
- Check the mails: 
  mail            (the mail to mailuser1 should be there) 
  su - admin 
  mail            (the mail to mailuser2 should be there) 
3) canonical 
- Edit the file /etc/postfix/canonical and enter: 
  root.admin root 
- Run the commands: 
  postmap /etc/postfix/canonical 
  rcpostfix restart 
  (requires canonical_maps = hash:/etc/postfix/canonical in main.cf, see 
  'Canonical address mapping' below) 
- Send a mail to root.admin@mailserver.linux.local 
- See the mail arriving on the server in the root user's mailbox 
4) relocated 

- Edit the file /etc/postfix/relocated and enter: 
  user1    user1@newcompany.de Please make note of it 
- Run the commands: 
  postmap /etc/postfix/relocated 
  rcpostfix restart 
  (requires relocated_maps = hash:/etc/postfix/relocated in main.cf) 
- Send a mail to user1@mailserver.linux.local 
- See the mail being bounced and arriving back in the sender's mailbox on the client 
5) virtual 
- Make sure that the DNS records are set to: 
  special.linux.local.     IN MX  10 mailserver.linux.local. 
  mailserver.linux.local.  IN A   192.168.xxx.yyy 
  (The original notes also list a CNAME for special.linux.local. A name that has a 
  CNAME may carry no other record, so the MX must point at the A record of 
  mailserver.linux.local as above rather than coexist with a CNAME.) 

- Edit the file /etc/postfix/virtual on mailserver and enter: 
  special.linux.local          virtual 
  myuser@special.linux.local   user1 
  (The right-hand side of the domain line is ignored; that line only declares 
  special.linux.local as a virtual alias domain.) 

- Run the commands: 
  postmap /etc/postfix/virtual 
  rcpostfix restart 
  (requires virtual_alias_maps = hash:/etc/postfix/virtual in main.cf) 

- Send a mail from the client to myuser@special.linux.local 
- Check the mail of user1 on mailserver. The mail should be there. 

- Tests with 3 computers: 
  - client (Windows/Linux) (POP3 account on the local mail server) 
  - local mail server (fetchmail from the ISP through POP3, plus POP3/IMAP server) 
  - ISP mail server (POP3 server) 


- Example of a mail header including MIME, typed into sendmail on the command line: 
  sendmail michel@dozlinux.local 
  Subject: hallo in html 
  Mime-Version: 1.0 
  Content-type: text/html 

  <Body><H1><Font color=red> 
  hallo world 
  </Font></H1></body> 
  (The empty line after Content-type ends the header; without it the body would be 
  taken as further header lines. End the input with Ctrl-D.) 
Introduction 


Although the initial Postfix release has no address rewriting language, it can do quite a bit 
of address manipulation via table lookup. While a message flows through the Postfix 
system, its addresses are mangled in the order described in this document. 

Unless indicated otherwise, all parameters described here are in the main.cf file. If you 
change parameters of a running Postfix system, don't forget to issue a postfix reload 
command. 


All mail: 
- Rewrite addresses to standard form 
- Canonical address mapping 
- Address masquerading 
- Virtual address mapping 
- Mail transport switch 
- Relocated users table 

Local delivery: 
- Alias database 
- Per-user .forward files 
- Non-existent users 


Rewrite addresses to standard form 

Before the cleanup daemon runs an address through any lookup table, it first rewrites the 
address to the standard user@fully.qualified.domain form, by sending the 
address to the trivial-rewrite daemon. The purpose of rewriting to standard form is to 
reduce the number of entries needed in lookup tables. The Postfix trivial-rewrite program 
implements the following hard-coded address manipulations: 

Rewrite @hosta,@hostb:user@site to user@site 
    The source route feature has been deprecated. Postfix has no ability to handle such 
    addresses, other than to strip off the source route. 

Rewrite site!user to user@site 
    This feature is controlled by the boolean swap_bangpath parameter (default: yes). 
    The purpose is to rewrite UUCP-style addresses to domain style. This is useful only 
    when you receive mail via UUCP, but it probably does not hurt otherwise. 

Rewrite user%domain to user@domain 
    This feature is controlled by the boolean allow_percent_hack parameter 
    (default: yes). Typically, this is used in order to deal with monstrosities such as 
    user%domain@otherdomain. 

Rewrite user to user@$myorigin 
    This feature is controlled by the boolean append_at_myorigin parameter 
    (default: yes). The purpose is to get consistent treatment of user on every machine 
    in $myorigin. 

    You probably should never turn off this feature, because a lot of Postfix components 
    expect that all addresses have the form user@domain. 

    If your machine is not the main machine for $myorigin and you wish to have some 
    users delivered locally without going via that main machine, make an entry in the 
    virtual table that redirects user@$myorigin to user@$myhostname. 

Rewrite user@host to user@host.$mydomain 
    This feature is controlled by the boolean append_dot_mydomain parameter 
    (default: yes). The purpose is to get consistent treatment of different forms of the 
    same hostname. 

    Some will argue that rewriting host to host.$mydomain is bad. That is why it can 
    be turned off. Others like the convenience of having the local domain appended 
    automatically. 

Rewrite user@site. to user@site (without the trailing dot). 
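The manipulations listed above are easier to reason about when applied in order on concrete input. The function below is an added example, not Postfix's trivial-rewrite code: it re-implements the six rules with the four boolean parameters as keyword arguments, in the order Postfix applies them (the bang and percent rewrites are tried only while the address has no domain, and the missing-dot check happens before the trailing dot is stripped). Only this rewriting step is modelled; what the resolver later does with user%domain@otherdomain when otherdomain is local is out of scope and is an assumption you should check against your own Postfix version.

```python
"""Rewrite an address to standard user@fully.qualified.domain form.

Added example re-implementing the hard-coded manipulations listed above in
the order Postfix applies them; it is not Postfix's trivial-rewrite code.
Only the rewriting step is modelled: what the resolver later does with
user%domain@localdomain is out of scope.
"""


def rewrite_to_standard_form(addr, myorigin, mydomain, swap_bangpath=True,
                             allow_percent_hack=True, append_at_myorigin=True,
                             append_dot_mydomain=True):
    # @hosta,@hostb:user@site -> user@site: strip the source route
    if addr.startswith("@") and ":" in addr:
        addr = addr.split(":", 1)[1]
    # split at the LAST '@'; the bang and percent rewrites only apply when the
    # address has no domain yet, which is also how Postfix orders them
    if "@" in addr:
        local, domain = addr.rsplit("@", 1)
    else:
        local, domain = addr, None
        if swap_bangpath and "!" in local:           # site!user -> user@site
            domain, local = local.split("!", 1)
        elif allow_percent_hack and "%" in local:    # user%domain -> user@domain
            local, domain = local.rsplit("%", 1)
    if domain is None:
        if not append_at_myorigin:
            return local
        domain = myorigin                            # user -> user@$myorigin
    elif append_dot_mydomain and "." not in domain:
        domain += "." + mydomain                     # user@host -> user@host.$mydomain
    # user@site. -> user@site; a dot-dot ending is left alone as Postfix does
    if domain.endswith(".") and not domain.endswith(".."):
        domain = domain[:-1]
    return local + "@" + domain


if __name__ == "__main__":
    for a in ("@hosta,@hostb:user@site.org", "site.org!user", "user%site.org",
              "user", "user@host", "user@site.org."):
        print("%-28s -> %s" % (a, rewrite_to_standard_form(a, "example.com", "example.com")))
```

Note the last case in the function: "user@host." is not expanded to user@host.example.com, because the trailing dot counts as a dot when append_dot_mydomain looks for one, and only then is it stripped.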


Canonical address mapping 


Before the cleanup daemon stores inbound mail into the incoming queue, it uses the 
canonical table to rewrite all addresses in message envelopes and in message headers, 
local or remote. The mapping is useful to replace login names by Firstname.Lastname 
style addresses, or to clean up invalid domains in mail addresses produced by legacy mail 
systems. 

Canonical mapping is disabled by default. To enable, edit the canonical_maps 
parameter in the main.cf file and specify one or more lookup tables, separated by 
whitespace or commas. For example: 

canonical_maps = hash:/etc/postfix/canonical 

In addition to the canonical maps which are applied to both sender and recipient 
addresses, you can specify canonical maps that are applied only to sender addresses or 
to recipient addresses. For example: 

sender_canonical_maps = hash:/etc/postfix/sender_canonical 
recipient_canonical_maps = hash:/etc/postfix/recipient_canonical 

The sender and recipient canonical maps are applied before the common canonical maps. 
Sender-specific rewriting is useful when you want to rewrite ugly sender addresses to 
pretty ones, and still want to be able to send mail to those ugly addresses without 
creating a mailer loop. 
Address masquerading 

Address masquerading is a method to hide all hosts inside a domain behind their mail 
gateway, and to make it appear as if the mail comes from the gateway itself, instead of 
from individual machines. Address masquerading is disabled by default. To enable, edit the 
masquerade_domains parameter in the main.cf file and specify one or more domain 
names separated by whitespace or commas. The list is processed left to right, and 
processing stops at the first match. Thus, 

masquerade_domains = foo.example.com example.com 

strips any.thing.foo.example.com to foo.example.com, but strips 
any.thing.else.example.com to example.com. 

A domain name prefixed with ! means do not masquerade this domain or its subdomains. 
Thus, 

masquerade_domains = !foo.example.com example.com 

does not change any.thing.foo.example.com and foo.example.com, but strips 
any.thing.else.example.com to example.com. 

The masquerade_exceptions configuration parameter specifies what user names 
should not be subjected to address masquerading. Specify one or more user names 
separated by whitespace or commas. For example, 

masquerade_exceptions = root 

By default, Postfix makes no exceptions. 

Subtle point: by default, address masquerading is applied only to message headers and to 
envelope sender addresses, but not to envelope recipients. This allows you to use address 
masquerading on a mail gateway machine, while still being able to forward mail from 
outside to users on individual machines. In order to subject envelope recipient addresses 
to masquerading, too, specify (only available with Postfix versions after 20010802): 

masquerade_classes = envelope_sender, envelope_recipient, 
    header_sender, header_recipient 

If you do this, Postfix will no longer be able to send mail to individual machines. 
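The three rules above (first match wins, "!" excludes a domain and its subdomains, masquerade_exceptions protects user names) and the subtle point about envelope recipients can be checked against the page's own examples with the following added example. It is not Postfix code: masquerade_address applies the rules to one address, and masquerade_message applies them to the address classes of a message in the way the default masquerade_classes do (envelope sender and header addresses, never the envelope recipient). The header handling assumes bare addresses without display names, and the header-to-class mapping (From/Sender/Reply-To as sender headers, To/Cc as recipient headers) is this example's simplification.

```python
"""Address masquerading as described above.

Added example, not Postfix's own code: masquerade_domains is scanned left to
right and the first matching entry wins, a leading '!' excludes that domain
and its subdomains, and users in masquerade_exceptions are never rewritten.
"""


def parse_list(value):
    """Split a main.cf value on whitespace or commas, as Postfix does."""
    return [item for item in value.replace(",", " ").split() if item]


def masquerade_address(addr, masquerade_domains, masquerade_exceptions=()):
    """Return addr with its domain shortened to the first matching masquerade domain."""
    if "@" not in addr:
        return addr
    local, domain = addr.rsplit("@", 1)
    if local in masquerade_exceptions:
        return addr
    for entry in masquerade_domains:
        negate = entry.startswith("!")
        masq = entry[1:] if negate else entry
        if domain == masq or domain.endswith("." + masq):
            return addr if negate else local + "@" + masq   # stop at first match
    return addr


def masquerade_message(envelope_sender, envelope_recipient, headers,
                       masquerade_domains, masquerade_exceptions=(),
                       masquerade_classes=("envelope_sender", "header_sender",
                                           "header_recipient")):
    """Apply masquerading to the address classes Postfix masquerades by default:
    envelope sender and header addresses, but not the envelope recipient.
    headers is a dict of bare addresses (assumption of this example)."""
    def masq(a):
        return masquerade_address(a, masquerade_domains, masquerade_exceptions)
    out = dict(headers)
    if "envelope_sender" in masquerade_classes:
        envelope_sender = masq(envelope_sender)
    if "envelope_recipient" in masquerade_classes:
        envelope_recipient = masq(envelope_recipient)
    for name in ("From", "Sender", "Reply-To"):
        if name in out and "header_sender" in masquerade_classes:
            out[name] = masq(out[name])
    for name in ("To", "Cc"):
        if name in out and "header_recipient" in masquerade_classes:
            out[name] = masq(out[name])
    return envelope_sender, envelope_recipient, out
```

Running masquerade_message with envelope_recipient added to masquerade_classes shows why the page warns against it: the recipient bob@pc2.example.com becomes bob@example.com, and the gateway can no longer route the mail to pc2.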


Virtual address aliasing 


After applying the canonical and masquerade mappings, the cleanup daemon uses the 
virtual alias table to redirect mail for all recipients, local or remote. The mapping affects 
only envelope recipients; it has no effect on message headers or envelope senders. Virtual 
alias lookups are useful to redirect mail for simulated virtual domains to real user 
mailboxes, and to redirect mail for domains that no longer exist. Virtual alias lookups can 
also be used to transform Firstname.Lastname back into UNIX login names, although 
it seems that local aliases are a more appropriate vehicle. 

Virtual aliasing is disabled by default. To enable, edit the virtual_alias_maps 
parameter in the main.cf file and specify one or more lookup tables, separated by 
whitespace or commas. For example: 


virtual_alias_maps = hash:/etc/postfix/virtual 


Addresses found in virtual alias maps are subjected to another iteration of virtual aliasing, 
but are not subjected to canonical mapping, in order to avoid loops. 


74_Mail_Services.sxw - 56 


Linux-Kurs Themen - Mail Services - June 14, 2009 


Mail transport switch 


Once the address rewriting and resolving daemon has established the destination of a 
message, it determines the default delivery method for that destination. Postfix 
distinguishes four major address classes, each with its own default delivery method. 


Destination matches                    Default delivery agent    Controlling parameter 
$mydestination or $inet_interfaces     local                     $local_transport 
$virtual_mailbox_domains               virtual                   $virtual_transport 
$relay_domains                         relay (clone of smtp)     $relay_transport 
none                                   smtp                      $default_transport 


The optional transport table overrides the default message delivery method (this table is 
used by the address rewriting and resolving daemon). The transport table can be used to 
send mail to specific sites via UUCP, or to send mail to a really broken mail system that 
can handle only one SMTP connection at a time (yes, such systems exist and people used 
to pay real money for them). 


Transport table lookups are disabled by default. To enable, edit the transport_maps 
parameter in the main.cf file and specify one or more lookup tables, separated by 
whitespace or commas. For example: 


transport_maps = hash:/etc/postfix/transport 


Relocated users table 


Next, the address rewriting and resolving daemon runs each recipient name through the 
relocated database. This table provides information on how to reach users that no longer 
have an account, or what to do with mail for entire domains that no longer exist. When mail 
is sent to an address that is listed in this table, the message is bounced with an informative 
message. 


Lookups of relocated users are disabled by default. To enable, edit the relocated_maps 
parameter in the main.cf file and specify one or more lookup tables, separated by 
whitespace or commas. For example: 

    relocated_maps = hash:/etc/postfix/relocated 


Alias database 


When mail is to be delivered locally, the local delivery agent runs each local recipient 
name through the aliases database. The mapping does not affect addresses in message 
headers. Local aliases are typically used to implement distribution lists, or to direct mail for 
standard aliases such as postmaster to real people. The table can also be used to map 
Firstname.Lastname addresses to login names. 


Alias lookups are enabled by default. The default configuration depends on the system 
environment, but it is typically one of the following: 

    alias_maps = dbm:/etc/aliases, nis:mail.aliases 
    alias_maps = hash:/etc/aliases 
The path to the alias database file is controlled via the alias_database configuration 
parameter. The value is system dependent. Usually it is one of the following: 


alias_database = hash:/etc/aliases (4.4BSD, LINUX) 
alias_database = dbm:/etc/aliases (4.3BSD, SYSV<4) 
alias_database = dbm:/etc/mail/aliases (SYSV4) 


For security reasons, deliveries to command and file destinations are performed with the 
rights of the alias database owner. A default userid, default_privs, is used for deliveries to 
commands/files in root-owned aliases. 


Per-user .forward files 


Users can control their own mail delivery by specifying destinations in a file called 
.forward in their home directories. The syntax of these files is the same as with system 
aliases, except that the lookup key and colon are not present. 
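The alias and .forward expansion described above, as an added Python model (not code from this course and not Postfix code): it parses a constructed aliases(5)-style table, applies a constructed .forward for one user, and follows chains recursively while remembering the path so that a loop is detected instead of expanding forever. The table contents, login names and the vacation command are made up for the demonstration; owner- aliases, :include: files and the delivery privileges discussed below are not modelled.

```python
import re
from typing import Dict, List, Tuple

# Constructed sample aliases(5) table (the real one is usually /etc/aliases).
SAMPLE_ALIASES = """
# standard aliases directed to real people
postmaster: root
abuse: postmaster
root: alice, bob
# a distribution list
staff: alice, bob, carol
# Firstname.Lastname mapped to a login name
alice.smith: alice
# a deliberate loop, to show why expansion must remember its path
loop1: loop2
loop2: loop1
"""

# Constructed per-user .forward contents keyed by login name: same syntax as
# the alias table, but without the lookup key and colon.
SAMPLE_FORWARDS: Dict[str, str] = {
    "bob": 'bob@example.org, "|/usr/bin/vacation bob"',
}


def parse_destinations(rhs: str) -> List[str]:
    """Split a right-hand side on commas, keeping quoted "|command" entries whole."""
    return [d.strip() for d in re.findall(r'\s*("[^"]*"|[^,]+)', rhs) if d.strip()]


def parse_aliases(text: str) -> Dict[str, List[str]]:
    """Parse an aliases(5)-style table into {lookup key: [destinations]}."""
    table: Dict[str, List[str]] = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        key, _, rhs = line.partition(":")
        table[key.strip().lower()] = parse_destinations(rhs)
    return table


def expand(recipient: str, aliases: Dict[str, List[str]], forwards: Dict[str, str],
           path: Tuple[str, ...] = ()) -> List[str]:
    """Expand one local recipient through the alias table, then .forward files.
    Returns final destinations: login names, remote addresses or "|command" entries.
    Raises ValueError when an alias refers back to something already on its path."""
    name = recipient.lower()
    if name in path:
        raise ValueError("alias loop: " + " -> ".join(path + (name,)))
    if name in aliases:
        targets = aliases[name]
    elif name in forwards:
        targets = parse_destinations(forwards[name])
    else:
        return [name]                       # plain mailbox: no alias, no .forward
    result: List[str] = []
    for target in targets:
        if "@" in target or target.startswith('"|'):
            result.append(target)           # remote address or command: expanded no further
        else:
            result.extend(expand(target, aliases, forwards, path + (name,)))
    return result


def deliver_plan(recipient: str) -> List[str]:
    """Expansion against the constructed sample tables."""
    return expand(recipient, parse_aliases(SAMPLE_ALIASES), SAMPLE_FORWARDS)


def has_loop(recipient: str) -> bool:
    """True when expansion of the recipient runs into an alias loop."""
    try:
        deliver_plan(recipient)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    for r in ("postmaster", "staff", "alice.smith"):
        print(f"{r} -> {deliver_plan(r)}")
    print("loop1 loops:", has_loop("loop1"))
```

Note that bob's mail ends up at a remote address and in a command: with a real alias database those two destinations run with the rights discussed in the next paragraph, which is why the owner of the alias file matters.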


Non-existent users 


When the local delivery agent finds that a message recipient does not exist, the message 
is normally bounced to the sender ("user unknown"). Sometimes it is desirable to forward 
mail for non-existing recipients to another machine. For this purpose you can specify an 
alternative destination with the luser_relay configuration parameter. 

Alternatively, mail for non-existent recipients can be delegated to an entirely different 
message transport, as specified with the fallback_transport configuration parameter. 
For details, see the local delivery agent. 


Note: if you use the luser_relay feature in order to receive mail for non-UNIX accounts, 
then you must specify: 


local_recipient_maps = 


(i.e. empty) in the main.cf file, otherwise the Postfix SMTP server will reject mail for non- 
UNIX accounts with "User unknown in local recipient table". 


luser_relay can specify one address. It is subjected to $name expansions. 
The most useful examples are: 


$user@other.host 
The bare username, without address extension, is prepended to @other.host. 
For example, mail for username+foo is sent to username@other.host. 


$mailbox@other.host 
The entire original recipient localpart, including address extension, is prepended to 
@other.host. For example, mail for username+foo is sent to 
username+foo@other.host. 


sysadmin+$user 
The bare username, without address extension, is appended to sysadmin. For 
example, mail for username+foo is sent to sysadmin+username. 


sysadmin+$mailbox 
The entire original recipient localpart, including address extension, is appended to 
sysadmin. For example, mail for username+foo is sent to 
sysadmin+username+foo. 
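The four luser_relay expansions above, as an added Python example (not part of the course material and not Postfix code): expand_luser_relay() performs the $user and $mailbox substitutions, local_delivery() shows the decision the local delivery agent makes, and smtpd_rcpt_check() shows why local_recipient_maps must be empty for the feature to work at all. The user list, the "+" recipient delimiter and the reply code and text are assumptions made for the demonstration.

```python
import re
from typing import Optional, Set, Tuple

# Constructed sample data: the UNIX accounts that exist on this host, and the
# recipient delimiter this demonstration assumes ("+" is a common choice).
LOCAL_USERS: Set[str] = {"alice", "bob"}
RECIPIENT_DELIMITER = "+"


def split_localpart(localpart: str, delimiter: str = RECIPIENT_DELIMITER) -> Tuple[str, str]:
    """Split 'user+ext' into (user, ext); ext is '' when no delimiter is present."""
    user, _, ext = localpart.partition(delimiter)
    return user, ext


def expand_luser_relay(template: str, localpart: str) -> str:
    """Perform the $name expansions luser_relay supports on the original localpart:
         $user     bare username without address extension
         $mailbox  the entire original localpart, including the extension
       A name may also be written ${name}; unknown names are left untouched."""
    user, _ext = split_localpart(localpart)
    values = {"user": user, "mailbox": localpart}

    def substitute(match: "re.Match") -> str:
        name = match.group(1) or match.group(2)
        return values.get(name, match.group(0))

    return re.sub(r"\$\{(\w+)\}|\$(\w+)", substitute, template)


def local_delivery(localpart: str, luser_relay: Optional[str]) -> str:
    """What the local delivery agent does with one recipient: deliver if the user
    exists, otherwise forward per luser_relay, otherwise bounce (user unknown)."""
    user, _ext = split_localpart(localpart)
    if user in LOCAL_USERS:
        return f"deliver to mailbox {user}"
    if luser_relay:
        return f"forward to {expand_luser_relay(luser_relay, localpart)}"
    return "bounce: User unknown"


def smtpd_rcpt_check(localpart: str, local_recipient_maps: Optional[Set[str]]) -> str:
    """The SMTP server's check at RCPT TO time, which runs before local delivery.
    With a non-empty local_recipient_maps an unlisted user is rejected here and
    luser_relay never sees the message; an empty setting (None) disables the check.
    The 550 code and reply text are assumptions for this demonstration."""
    user, _ext = split_localpart(localpart)
    if local_recipient_maps is not None and user not in local_recipient_maps:
        return "550 User unknown in local recipient table"
    return "250 Ok"


if __name__ == "__main__":
    for template in ("$user@other.host", "$mailbox@other.host",
                     "sysadmin+$user", "sysadmin+$mailbox"):
        print(f"{template:22} username+foo -> {expand_luser_relay(template, 'username+foo')}")
    print(local_delivery("nobody+list", "$user@other.host"))
    print(smtpd_rcpt_check("nobody", LOCAL_USERS), "vs", smtpd_rcpt_check("nobody", None))
```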
Postfix - the Big Picture 


The figure shows the main Postfix system components, and the main information flows 
between them. Postfix system components are introduced in the Postfix anatomy 
documentation. 


Yellow ellipsoids are mail programs. 

Yellow boxes are mail queues or files. 

Blue boxes are lookup tables. 

Programs in the large box run under control by the Postfix resident master daemon. 
Data in the large box is property of the Postfix mail system. 


In order to keep the big picture readable the following elements were omitted: 


The Postfix command-line utilities. 

The Postfix resident master daemon. 

The DNS lookups by the SMTP server and client daemons 

The bounce or defer daemon and the flow of bounced mail. 

The address rewriting and resolving requests by the SMTP server and by the local 
delivery agent. 

The flow of mail forwarded by the local delivery agent. 

The flow of postmaster notices for protocol errors, policy violations, etc. 

Triggers to alert the pickup daemon and queue manager that new mail has arrived 
in the maildrop and incoming queues, respectively. 
Receiving Mail 


When a message enters the Postfix mail system, the first stop on the inside is the 
incoming queue. The figure below shows the main components that are involved with new 
mail. The symbols are the ones explained above under "Postfix - the Big Picture". 


Mail is posted locally. The Postfix sendmail program invokes the privileged postdrop 
program which deposits the message into the maildrop directory, where the 
message is picked up by the pickup daemon. This daemon does some sanity 
checks, in order to protect the rest of the Postfix system. 


Mail comes in via the network. The Postfix SMTP server receives the message and 
does some sanity checks, in order to protect the rest of the Postfix system. The 
SMTP server can be configured to implement UCE controls on the basis of local or 
network-based black lists, DNS lookups, and other client request information. 


Mail is generated internally by the Postfix system itself, in order to return 
undeliverable mail to the sender. The bounce or defer daemon brings the bad news. 


Mail is forwarded by the local delivery agent, either via an entry in the system-wide 
alias database, or via an entry in a per-user .forward file. This is indicated with the 
unlabeled arrow. 


Mail is generated internally by the Postfix system itself, in order to notify the 
postmaster of a problem (this path is also indicated with the unlabeled arrow). The 
Postfix system can be configured to notify the postmaster of SMTP protocol 
problems, UCE policy violations, and so on. 


The cleanup daemon implements the final processing stage for new mail. It adds 
missing From: and other message headers, arranges for address rewriting to the 
standard user@fully.qualified.domain form, and optionally extracts recipient 
addresses from message headers. The cleanup daemon inserts the result as a 
single queue file into the incoming queue, and notifies the queue manager of the 
arrival of new mail. The cleanup daemon can be configured to transform addresses 
on the basis of canonical and virtual table lookups. 


On request by the cleanup daemon, the trivial-rewrite daemon rewrites addresses 
to the standard user@fully.qualified.domain form. The initial Postfix version 
does not implement a rewriting language. Implementing one would take a lot of 
effort, and most sites do not need it. Instead, Postfix makes extensive use of table 
lookup. 


SMTPD(8)                                                   SMTPD(8) 


NAME 
smtpd - Postfix SMTP server 


SYNOPSIS 
smtpd [generic Postfix daemon options] 


DESCRIPTION 
The SMTP server accepts network connection requests and 
performs zero or more SMTP transactions per connection. 
Each received message is piped through the cleanup(8) dae- 
mon, and is placed into the incoming queue as one single 
queue file. For this mode of operation, the program 
expects to be run from the master(8) process manager. 


Alternatively, the SMTP server takes an established con- 
nection on standard input and deposits messages directly 
into the maildrop queue. In this so-called stand-alone 
mode, the SMTP server can accept mail even while the mail 
system is not running. 


The SMTP server implements a variety of policies for con- 
nection requests, and for parameters given to HELO, ETRN, 
MAIL FROM, VRFY and RCPT TO commands. They are detailed 
below and in the main.cf configuration file. 


SECURITY 
The SMTP server is moderately security-sensitive. It talks 
to SMTP clients and to DNS servers on the network. The 
SMTP server can be run chrooted at fixed low privilege. 


STANDARDS 
RFC 821 (SMTP protocol) 
RFC 1123 (Host requirements) 
RFC 1652 (8bit-MIME transport) 
RFC 1869 (SMTP service extensions) 
RFC 1870 (Message Size Declaration) 
RFC 1985 (ETRN command) 
RFC 2554 (AUTH command) 
RFC 2821 (SMTP protocol) 
RFC 2920 (SMTP Pipelining) 
DIAGNOSTICS 


Problems and transactions are logged to syslogd(8). 


Depending on the setting of the notify_classes parameter, 
the postmaster is notified of bounces, protocol problems, 
policy violations, and of other trouble. 


CONFIGURATION PARAMETERS 
The following main.cf parameters are specially relevant 
to this program. See the Postfix main.cf file for syntax 
details and for default values. Use the postfix reload 
command after a configuration change. 


Compatibility controls 
strict_rfc821_envelopes 
Disallow non-RFC 821 style addresses in SMTP commands. For example, the RFC822-style address forms with comments that Sendmail allows. 


broken_sasl_auth_clients 
Support older Microsoft clients that mis-implement the AUTH protocol, and that expect an EHLO response of "250 AUTH=list" instead of "250 AUTH list". 


smtpd_noop_commands 
List of commands that are treated as NOOP (no operation) commands, without any parameter syntax checking and without any state change. This list overrides built-in command definitions. 
Content inspection controls 
content_filter 
The name of a mail delivery transport that filters mail and that either bounces mail or re-injects the result back into Postfix. This parameter uses the same syntax as the right-hand side of a Postfix transport table. 


Authentication controls 

enable sasl authentication 
Enable per-session authentication as per RFC 2554 (SASL). This functionality is available only when explicitly selected at program build time and explicitly enabled at runtime. 


smtpd_sasl_local_domain 
The name of the local authentication realm. 


smtpd_sasl_security_options 
Zero or more of the following. 


noplaintext 
Disallow authentication methods that use plaintext passwords. 


noactive 
Disallow authentication methods that are vulnerable to non-dictionary active attacks. 


nodictionary 
Disallow authentication methods that are vulnerable to passive dictionary attack. 


noanonymous 
Disallow anonymous logins. 


smtpd_sender_login_maps 
Maps that specify the SASL login name that owns a MAIL FROM sender address. Used by the reject_sender_login_mismatch sender anti-spoofing restriction. 


Miscellaneous 
always_bcc 
Address to send a copy of each message that enters the system. 


authorized_verp_clients 
Hostnames, domain names and/or addresses of clients that are authorized to use the XVERP extension. 


debug_peer_level 
Increment in verbose logging level when a remote host matches a pattern in the debug_peer_list parameter. 


debug_peer_list 
List of domain or network patterns. When a remote host matches a pattern, increase the verbose logging level by the amount specified in the debug_peer_level parameter. 
default_verp_delimiters 
The default VERP delimiter characters that are used when the XVERP command is specified without explicit delimiters. 


error_notice_recipient 
Recipient of protocol/policy/resource/software error notices. 


hopcount_limit 
Limit the number of Received: message headers. 


notify_classes 
List of error classes. Of special interest are: 


policy 
When a client violates any policy, mail a transcript of the entire SMTP session to the postmaster. 


protocol 
When a client violates the SMTP protocol or issues an unimplemented command, mail a transcript of the entire SMTP session to the postmaster. 


smtpd_banner 
Text that follows the 220 status code in the SMTP greeting banner. 


smtpd_expansion_filter 
Controls what characters are allowed in $name expansion of rbl template responses and other text. 


smtpd_recipient_limit 
Restrict the number of recipients that the SMTP server accepts per message delivery. 


smtpd_timeout 
Limit the time to send a server response and to receive a client request. 


soft_bounce 
Change hard (5xx) reject responses into soft (4xx) reject responses. This can be useful for testing purposes. 


verp_delimiter_filter 
The characters that Postfix accepts as VERP delimiter characters. 


Known versus unknown recipients 
show_user_unknown_table_name 
Whether or not to reveal the table name in the "User unknown" responses. The extra detail makes trouble shooting easier but also reveals information that is nobody else's business. 


unknown_local_recipient_reject_code 
The response code when a client specifies a recipient whose domain matches $mydestination or $inet_interfaces, while $local_recipient_maps is non-empty and does not list the recipient address or address local-part. 


unknown_relay_recipient_reject_code 
The response code when a client specifies a recipient whose domain matches $relay_domains, while $relay_recipient_maps is non-empty and does not list the recipient address. 


unknown_virtual_alias_reject_code 
The response code when a client specifies a recipient whose domain matches $virtual_alias_domains, while the recipient is not listed in $virtual_alias_maps. 


unknown_virtual_mailbox_reject_code 
The response code when a client specifies a recipient whose domain matches $virtual_mailbox_domains, while the recipient is not listed in $virtual_mailbox_maps. 


Resource controls 
line_length_limit 
Limit the amount of memory in bytes used for the handling of partial input lines. 


message_size_limit 
Limit the total size in bytes of a message, including on-disk storage for envelope information. 


queue_minfree 
Minimal amount of free space in bytes in the queue file system for the SMTP server to accept any mail at all. 


smtpd_history_flush_threshold 
Flush the command history to postmaster after receipt of RSET etc. only if the number of history lines exceeds the given threshold. 


Tarpitting 
smtpd_error_sleep_time 
Time to wait in seconds before sending a 4xx or 5xx server error response. 


smtpd_soft_error_limit 
When an SMTP client has made this number of errors, wait error_count seconds before responding to any client request. 


smtpd_hard_error_limit 
Disconnect after a client has made this number of errors. 


smtpd_junk_command_limit 
Limit the number of times a client can issue a junk command such as NOOP, VRFY, ETRN or RSET in one SMTP session before it is penalized with tarpit delays. 
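The four tarpitting parameters above, modelled as an added Python simulation (my example, not Postfix code): a Session counts a client's errors and junk commands and reports, for each reply, the delay that would be applied and whether the client is disconnected. The limit values in TarpitConfig are chosen for the demonstration and are not taken from this page; the two replayed sessions are constructed.

```python
from dataclasses import dataclass, field
from typing import Optional, Sequence, Tuple

# Commands the text calls "junk": harmless on their own, abusive in bulk.
JUNK_COMMANDS = {"NOOP", "VRFY", "ETRN", "RSET"}


@dataclass
class TarpitConfig:
    # Limit values chosen for this demonstration (not taken from the page).
    smtpd_error_sleep_time: int = 1      # seconds slept before each 4xx/5xx reply
    smtpd_soft_error_limit: int = 10     # from here on, every reply is delayed
    smtpd_hard_error_limit: int = 20     # disconnect at this many errors
    smtpd_junk_command_limit: int = 100  # junk commands allowed before they count as errors


@dataclass
class Session:
    cfg: TarpitConfig = field(default_factory=TarpitConfig)
    error_count: int = 0
    junk_count: int = 0

    def respond(self, command: str, ok: bool) -> Tuple[int, bool]:
        """Account for one client command and return (delay_seconds, disconnect).
        `ok` says whether the server's reply is 2xx/3xx (True) or 4xx/5xx (False)."""
        cfg = self.cfg
        is_error = not ok
        words = command.split()
        verb = words[0].upper() if words else ""
        if verb in JUNK_COMMANDS:
            self.junk_count += 1
            if self.junk_count > cfg.smtpd_junk_command_limit:
                is_error = True              # excess junk is penalised like an error
        if is_error:
            self.error_count += 1
        if self.error_count >= cfg.smtpd_soft_error_limit:
            delay = self.error_count         # tarpit: wait error_count seconds on every reply
        elif is_error:
            delay = cfg.smtpd_error_sleep_time
        else:
            delay = 0
        disconnect = self.error_count >= cfg.smtpd_hard_error_limit
        return delay, disconnect


def simulate(commands: Sequence[str], ok_flags: Sequence[bool],
             cfg: Optional[TarpitConfig] = None) -> Tuple[int, int, bool]:
    """Replay a constructed command sequence; returns (total_delay, commands_served, disconnected)."""
    session = Session(cfg or TarpitConfig())
    total = 0
    served = 0
    for command, ok in zip(commands, ok_flags):
        delay, disconnect = session.respond(command, ok)
        total += delay
        served += 1
        if disconnect:
            return total, served, True
    return total, served, False


if __name__ == "__main__":
    # Constructed abusive session: 25 RCPT TO attempts that are all rejected.
    print("rejected RCPTs:", simulate(["RCPT TO:<x@example.org>"] * 25, [False] * 25))
    # Constructed session that floods NOOP.
    print("NOOP flood:", simulate(["NOOP"] * 105, [True] * 105))
```

With these values a client that keeps sending rejected RCPT TO commands is cut off at its 20th error after accumulating 174 seconds of delay, while a client whose replies are all successful is never slowed down.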


UCE control restrictions 
parent_domain_matches_subdomains 
List of Postfix features that use domain.tld patterns to match sub.domain.tld (as opposed to requiring .domain.tld patterns). 


smtpd_client_restrictions 
Restrict what clients may connect to this mail system. 


smtpd_helo_required 
Require that clients introduce themselves at the beginning of an SMTP session. 


smtpd_helo_restrictions 
Restrict what client hostnames are allowed in HELO and EHLO commands. 


smtpd_sender_restrictions 
Restrict what sender addresses are allowed in MAIL FROM commands. 


smtpd_recipient_restrictions 
Restrict what recipient addresses are allowed in RCPT TO commands. 


smtpd_etrn_restrictions 
Restrict what domain names can be used in ETRN commands, and what clients may issue ETRN commands. 


smtpd_data_restrictions 
Restrictions on the DATA command. Currently, the only restriction that makes sense here is reject_unauth_pipelining. 


allow_untrusted_routing 
Allow untrusted clients to specify addresses with sender-specified routing. Enabling this opens up nasty relay loopholes involving trusted backup MX hosts. 


smtpd_restriction_classes 
Declares the name of zero or more parameters that contain a list of UCE restrictions. The names of these parameters can then be used instead of the restriction lists that they represent. 


smtpd_null_access_lookup_key 
The lookup key to be used in SMTPD access tables instead of the null sender address. A null sender address cannot be looked up. 


maps_rbl_domains (deprecated) 
List of DNS domains that publish the addresses of blacklisted hosts. This is used with the deprecated reject_maps_rbl restriction. 


permit_mx_backup_networks 
Only domains whose primary MX hosts match the listed networks are eligible for the permit_mx_backup feature. 


relay_domains 
Restrict what domains this mail system will relay mail to. The domains are routed to the delivery agent specified with the relay_transport setting. 
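A relay-policy check in the style of smtpd_recipient_restrictions, added here as a Python example (not course material and not Postfix code). It walks a constructed restriction list (permit_mynetworks, permit_sasl_authenticated, reject_unknown_client and reject_unauth_destination; the last is a real Postfix restriction that this page does not name) for a constructed client and recipient, using relay_domains, mydestination and parent_domain_matches_subdomains as described above; the first restriction that decides ends the evaluation. Networks, domains and the reply codes are assumptions for the demonstration.

```python
import ipaddress
from dataclasses import dataclass, field
from typing import List, Optional, Set, Tuple


@dataclass
class PolicyConfig:
    """Constructed main.cf subset for the demonstration."""
    mynetworks: List[str] = field(default_factory=lambda: ["127.0.0.0/8", "192.0.2.0/24"])
    mydestination: Set[str] = field(default_factory=lambda: {"example.org", "mail.example.org"})
    virtual_mailbox_domains: Set[str] = field(default_factory=lambda: {"vmail.example"})
    relay_domains: Set[str] = field(default_factory=lambda: {"partner.example"})
    # domain lists for which a bare domain.tld pattern also matches sub.domain.tld
    parent_domain_matches_subdomains: Set[str] = field(default_factory=lambda: {"relay_domains"})
    smtpd_recipient_restrictions: List[str] = field(default_factory=lambda: [
        "permit_mynetworks", "permit_sasl_authenticated",
        "reject_unknown_client", "reject_unauth_destination"])
    # reply codes; these values are chosen for the demonstration
    relay_domains_reject_code: int = 554
    unknown_client_reject_code: int = 450
    reject_code: int = 554


@dataclass
class Client:
    address: str
    hostname: Optional[str]          # None: the address has no name mapping
    sasl_authenticated: bool = False


def domain_matches(domain: str, patterns: Set[str], subdomains_ok: bool) -> bool:
    """Exact match, .parent pattern match, or bare parent match when allowed."""
    d = domain.lower()
    for p in patterns:
        p = p.lower()
        if p.startswith("."):
            if d.endswith(p):
                return True
        elif d == p or (subdomains_ok and d.endswith("." + p)):
            return True
    return False


def in_mynetworks(cfg: PolicyConfig, address: str) -> bool:
    ip = ipaddress.ip_address(address)
    return any(ip in ipaddress.ip_network(net, strict=False) for net in cfg.mynetworks)


def is_authorized_destination(cfg: PolicyConfig, domain: str) -> bool:
    """Local, virtual mailbox and relay domains are the only ones we accept from strangers."""
    return any(domain_matches(domain, getattr(cfg, name), name in cfg.parent_domain_matches_subdomains)
               for name in ("mydestination", "virtual_mailbox_domains", "relay_domains"))


def check_rcpt(cfg: PolicyConfig, client: Client, recipient: str) -> Tuple[int, str]:
    """Evaluate smtpd_recipient_restrictions for one RCPT TO; returns (code, text)."""
    domain = recipient.rpartition("@")[2]
    for restriction in cfg.smtpd_recipient_restrictions:
        if restriction == "permit_mynetworks" and in_mynetworks(cfg, client.address):
            return 250, "Ok (permit_mynetworks)"
        if restriction == "permit_sasl_authenticated" and client.sasl_authenticated:
            return 250, "Ok (permit_sasl_authenticated)"
        if restriction == "reject_unknown_client" and client.hostname is None:
            return cfg.unknown_client_reject_code, "Client host rejected: cannot find your hostname"
        if restriction == "reject_unauth_destination" and not is_authorized_destination(cfg, domain):
            return cfg.relay_domains_reject_code, "Relay access denied"
        if restriction == "reject":
            return cfg.reject_code, "Access denied"
        if restriction == "permit":
            return 250, "Ok (permit)"
    return 250, "Ok"                 # list exhausted without a decision: permit


if __name__ == "__main__":
    cfg = PolicyConfig()
    stranger = Client("198.51.100.5", "mx.someisp.example")
    for rcpt in ("user@example.org", "user@sub.partner.example", "user@elsewhere.example"):
        print(rcpt, "->", check_rcpt(cfg, stranger, rcpt))
```

Note the subdomain asymmetry this reproduces: sub.partner.example is accepted because relay_domains is listed in parent_domain_matches_subdomains, while sub.example.org is refused because mydestination is not.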


UCE control responses 


access_map_reject_code 
Response code when a client violates an access database restriction. 


default_rbl_reply 
Default template reply when a request is RBL blacklisted. This template is used by the reject_rbl_* and reject_rhsbl_* restrictions. See also: rbl_reply_maps and smtpd_expansion_filter. 

defer_code 
Response code when a client request is rejected by the defer restriction. 


invalid_hostname_reject_code 
Response code when a client violates the reject_invalid_hostname restriction. 


maps_rbl_reject_code 
Response code when a request is RBL blacklisted. 


rbl_reply_maps 
Table with template responses for RBL blacklisted requests, indexed by RBL domain name. These templates are used by the reject_rbl_* and reject_rhsbl_* restrictions. See also: default_rbl_reply and smtpd_expansion_filter. 


reject_code 
Response code when the client matches a reject restriction. 


relay_domains_reject_code 
Response code when a client attempts to violate the mail relay policy. 


unknown_address_reject_code 
Response code when a client violates the reject_unknown_address restriction. 


unknown_client_reject_code 
Response code when a client without address to name mapping violates the reject_unknown_client restriction. 


unknown_hostname_reject_code 
Response code when a client violates the reject_unknown_hostname restriction. 


SEE ALSO 


trivial-rewrite(8) address resolver 
cleanup(8) message canonicalization 


master(8) process manager 
syslogd(8) system logging 


LICENSE 


The Secure Mailer license must be distributed with this 
software. 
PICKUP(8)                                                 PICKUP(8) 
NAME 

pickup - Postfix local mail pickup 
SYNOPSIS 


pickup [generic Postfix daemon options] 


DESCRIPTION 
The pickup daemon waits for hints that new mail has been 
dropped into the maildrop directory, and feeds it into the 
cleanup(8) daemon. Ill-formatted files are deleted with- 
out notifying the originator. This program expects to be 
run from the master(8) process manager. 


STANDARDS 
None. The pickup daemon does not interact with the outside 
world. 

SECURITY 
The pickup daemon is moderately security sensitive. It runs with fixed low privilege and can run in a chrooted environment. However, the program reads files from potentially hostile users. The pickup daemon opens no files for writing, is careful about what files it opens for reading, and does not actually touch any data that is sent to its public service endpoint. 


DIAGNOSTICS 
Problems and transactions are logged to syslogd(8). 

BUGS 
The pickup daemon copies mail from file to the cleanup(8) daemon. It could avoid message copying overhead by sending a file descriptor instead of file data, but then the already complex cleanup(8) daemon would have to deal with unfiltered user data. 


CONFIGURATION PARAMETERS 
The following main.cf parameters are specially relevant 
to this program. See the Postfix main.cf file for syntax 
details and for default values. Use the postfix reload 
command after a configuration change. 


Content inspection controls 
content_filter 
The name of a mail delivery transport that filters mail and that either bounces mail or re-injects the result back into Postfix. This parameter uses the same syntax as the right-hand side of a Postfix transport table. 


Miscellaneous 
always_bcc 
Address to send a copy of each message that enters the system. 


queue_directory 
Top-level directory of the Postfix queue. 


SEE ALSO 
cleanup(8) message canonicalization 
master(8) process manager 
sendmail(1), postdrop(8) mail posting agent 
syslogd(8) system logging 


TRIVIAL-REWRITE(8) TRIVIAL-REWRITE(8) 




NAME 
trivial-rewrite - Postfix address rewriting and resolving 
daemon 
SYNOPSIS 
trivial-rewrite [generic Postfix daemon options] 
DESCRIPTION 
The trivial-rewrite daemon processes two types of client 
service requests: 
rewrite 
Rewrite an address to standard form. The trivial- 
rewrite daemon by default appends local domain 
information to unqualified addresses, swaps bang 
paths to domain form, and strips source routing 
information. This process is under control of sev- 
eral configuration parameters (see below). 
resolve 
Resolve an address to a (transport, nexthop, recip- 
ient) triple. The meaning of the results is as fol- 
lows: 
transport 
The delivery agent to use. This is the first 
field of an entry in the master.cf file. 
nexthop 
The host to send to and optional delivery 
method information. 
recipient 
The envelope recipient address that is passed on to nexthop. 


DEFAULT DELIVERY METHODS 
By default, Postfix uses one of the following delivery methods. This may be overruled with the optional transport(5) table. The default delivery method is selected by matching the recipient address domain against one of the following: 

$mydestination 
$inet_interfaces 
The transport and optional nexthop are specified with $local_transport. The default nexthop is the recipient domain. 

$virtual_alias_domains 
The recipient address is undeliverable (user unknown). By definition, all known addresses in a virtual alias domain are aliased to other addresses. 

$virtual_mailbox_domains 
The transport and optional nexthop are specified with $virtual_transport. The default nexthop is the recipient domain. 


$relay_domains 
The transport and optional nexthop are specified with $relay_transport. This overrides the optional nexthop information that is specified with $relayhost. The default nexthop is the recipient domain. 


none of the above 
The transport and optional nexthop are specified with $default_transport. This overrides the optional nexthop information that is specified with $relayhost. The default nexthop is the recipient domain. 
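Resolution of a recipient to a (transport, nexthop, recipient) triple, as an added Python model that serves both the address-class table under "Mail transport switch" and the DEFAULT DELIVERY METHODS above (my example, not Postfix code): it classifies the recipient domain in the order the classes are listed, applies the class's default transport, then consults a constructed transport(5)-style table (exact domain first, then each parent as a .parent key) and uses relayhost only where the text says it applies. Domain names, transport entries and the representation of the virtual-alias case as an "error" transport are assumptions; the $inet_interfaces address-literal case is not modelled.

```python
from dataclasses import dataclass, field
from typing import Dict, Optional, Set, Tuple


@dataclass
class ResolveConfig:
    """Constructed main.cf subset; parameter names follow the text above."""
    myhostname: str = "mail.example.org"
    mydestination: Set[str] = field(default_factory=lambda: {"example.org", "mail.example.org", "localhost"})
    virtual_alias_domains: Set[str] = field(default_factory=lambda: {"alias.example"})
    virtual_mailbox_domains: Set[str] = field(default_factory=lambda: {"vmail.example"})
    relay_domains: Set[str] = field(default_factory=lambda: {"partner.example"})
    # domain lists for which a bare domain.tld pattern also matches sub.domain.tld
    parent_domain_matches_subdomains: Set[str] = field(default_factory=lambda: {"relay_domains"})
    local_transport: str = "local:$myhostname"
    virtual_transport: str = "virtual"
    relay_transport: str = "relay"
    default_transport: str = "smtp"
    relayhost: str = ""                       # e.g. "[smtp.isp.example]"
    transport_maps: Dict[str, str] = field(default_factory=lambda: {
        "uucp.example": "uucp:uucphost",              # transport and nexthop
        ".slow.example": "slow:",                     # transport only; nexthop stays the domain
        "broken.example": "smtp:[mx.broken.example]",
    })


def domain_matches(domain: str, patterns: Set[str], subdomains_ok: bool) -> bool:
    """Exact match, .parent pattern match, or bare parent match when allowed."""
    d = domain.lower()
    for p in patterns:
        p = p.lower()
        if p.startswith("."):
            if d.endswith(p):
                return True
        elif d == p or (subdomains_ok and d.endswith("." + p)):
            return True
    return False


def transport_lookup(cfg: ResolveConfig, domain: str) -> Optional[str]:
    """transport(5)-style lookup: the full domain first, then each parent as a .parent key."""
    if domain in cfg.transport_maps:
        return cfg.transport_maps[domain]
    labels = domain.split(".")
    for i in range(1, len(labels)):
        key = "." + ".".join(labels[i:])
        if key in cfg.transport_maps:
            return cfg.transport_maps[key]
    return cfg.transport_maps.get("*")


def split_spec(spec: str) -> Tuple[str, str]:
    """'transport:nexthop' -> (transport, nexthop); either part may be empty."""
    transport, _, nexthop = spec.partition(":")
    return transport, nexthop


def resolve(recipient: str, cfg: Optional[ResolveConfig] = None) -> Tuple[str, str, str]:
    """Return the (transport, nexthop, recipient) triple for one envelope recipient."""
    cfg = cfg or ResolveConfig()
    domain = recipient.rpartition("@")[2].lower()

    def in_class(name: str) -> bool:
        return domain_matches(domain, getattr(cfg, name), name in cfg.parent_domain_matches_subdomains)

    # The address class decides the default transport and nexthop.
    if in_class("mydestination"):
        transport, nexthop = split_spec(cfg.local_transport.replace("$myhostname", cfg.myhostname))
        nexthop = nexthop or domain
    elif in_class("virtual_alias_domains"):
        # undeliverable by definition; represented here as an error transport
        return "error", "user unknown in virtual alias domain", recipient
    elif in_class("virtual_mailbox_domains"):
        transport, nexthop = split_spec(cfg.virtual_transport)
        nexthop = nexthop or domain
    elif in_class("relay_domains"):
        transport, nexthop = split_spec(cfg.relay_transport)
        nexthop = nexthop or cfg.relayhost or domain
    else:
        transport, nexthop = split_spec(cfg.default_transport)
        nexthop = nexthop or cfg.relayhost or domain

    # The optional transport table overrides the default. A matching entry also
    # takes the recipient out of relayhost's reach, so a missing nexthop means the domain.
    override = transport_lookup(cfg, domain)
    if override is not None:
        t, n = split_spec(override)
        transport, nexthop = (t or transport), (n or domain)
    return transport, nexthop, recipient


if __name__ == "__main__":
    for rcpt in ("alice@example.org", "x@alias.example", "x@vmail.example",
                 "x@sub.partner.example", "x@elsewhere.example",
                 "x@uucp.example", "x@host.slow.example", "x@broken.example"):
        print(f"{rcpt:24} -> {resolve(rcpt)}")
```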


SERVER PROCESS MANAGEMENT 

The trivial-rewrite servers run under control by the Postfix master server. Each server can handle multiple simultaneous connections. When all servers are busy while a client connects, the master creates a new server process, provided that the trivial-rewrite server process limit is not exceeded. Each trivial-rewrite server terminates after serving at least $max_use clients or after $max_idle seconds of idle time. 


STANDARDS 
None. The command does not interact with the outside 
world. 


SECURITY 
The trivial-rewrite daemon is not security sensitive. By 
default, this daemon does not talk to remote or local 
users. It can run at a fixed low privilege in a chrooted 
environment. 


DIAGNOSTICS 
Problems and transactions are logged to syslogd(8). 


BUGS 

CONFIGURATION PARAMETERS 
The following main.cf parameters are specially relevant 
to this program. See the Postfix main.cf file for syntax 
details and for default values. Use the postfix reload 
command after a configuration change. 

Miscellaneous 


empty_address_recipient 
The recipient that is substituted for the null address. 


inet_interfaces 
The network interfaces that this mail system receives mail on. This information is used to determine if user@[net.work.addr.ess] is local or remote. Mail for local users is given to the $local_transport. 


mydestination 
List of domains that are given to the $local_transport. 


virtual_alias_domains 
List of simulated virtual domains (domains with all recipients aliased to some other local or remote domain). 


virtual_mailbox_domains 
List of domains that are given to the $virtual_transport. 


relay_domains 
List of domains that are given to the $relay_transport. 


resolve_unquoted_address 
When resolving an address, do not quote the address localpart as per RFC 822, so that additional @, % or ! characters remain visible. This is technically incorrect, but allows us to stop relay attacks when forwarding mail to a Sendmail primary MX host. 


relocated_maps 
Tables with contact information for users, hosts or domains that no longer exist. See relocated(5). 


Rewriting 
myorigin 
The domain that locally-posted mail appears to come from. 


allow_percent_hack 
Rewrite user%domain to user@domain. 


append_at_myorigin 
Rewrite user to user@$myorigin. 


append_dot_mydomain 
Rewrite user@host to user@host.$mydomain. 


swap_bangpath 
Rewrite site!user to user@site. 
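The rewriting steps listed above (strip source routing, swap_bangpath, allow_percent_hack, append_at_myorigin, append_dot_mydomain), as an added Python example (not code from Postfix or from this course). myorigin and mydomain are constructed values; the percent hack is applied only to the user%domain form the page describes, and address literals such as user@[192.0.2.1] are left alone.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass
class RewriteConfig:
    # Constructed values; the flags mirror the parameters listed above.
    myorigin: str = "example.org"
    mydomain: str = "example.org"
    swap_bangpath: bool = True
    allow_percent_hack: bool = True
    append_at_myorigin: bool = True
    append_dot_mydomain: bool = True


def rewrite(address: str, cfg: Optional[RewriteConfig] = None) -> str:
    """Rewrite one address to the standard user@fully.qualified.domain form."""
    cfg = cfg or RewriteConfig()
    addr = address.strip()

    # 1. Strip source routing: "@relay1,@relay2:user@dest" -> "user@dest".
    if addr.startswith("@") and ":" in addr:
        addr = addr.split(":", 1)[1]

    # 2. swap_bangpath: "site!user" -> "user@site" (the part after the last '!' is the user).
    if cfg.swap_bangpath and "!" in addr and "@" not in addr:
        site, _, user = addr.rpartition("!")
        addr = f"{user}@{site}"

    # 3. allow_percent_hack: "user%domain" -> "user@domain", applied to the form
    #    without an '@' as the text describes; the last '%' is the split point.
    if cfg.allow_percent_hack and "%" in addr and "@" not in addr:
        user, _, domain = addr.rpartition("%")
        addr = f"{user}@{domain}"

    # 4. append_at_myorigin: an unqualified "user" becomes "user@$myorigin".
    if cfg.append_at_myorigin and "@" not in addr:
        addr = f"{addr}@{cfg.myorigin}"

    # 5. append_dot_mydomain: "user@host" becomes "user@host.$mydomain".
    #    Address literals such as user@[192.0.2.1] are left alone.
    local, sep, domain = addr.rpartition("@")
    if sep and cfg.append_dot_mydomain and "." not in domain and not domain.startswith("["):
        domain = f"{domain}.{cfg.mydomain}"
    return f"{local}@{domain}" if sep else addr


if __name__ == "__main__":
    for a in ("alice", "alice@mail", "mail!alice", "alice%partner.example",
              "@relay.example,@other.example:alice@partner.example", "alice@[192.0.2.1]"):
        print(f"{a:52} -> {rewrite(a)}")
```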


Routing 
local_transport 
Where to deliver mail for destinations that match $mydestination or $inet_interfaces. The default transport is local:$myhostname. 

Syntax is transport:nexthop; see transport(5) for details. The :nexthop part is optional. 


virtual_transport 
Where to deliver mail for non-local domains that match $virtual_mailbox_domains. The default transport is virtual. 

Syntax is transport:nexthop; see transport(5) for details. The :nexthop part is optional. 


relay_transport 
Where to deliver mail for non-local domains that match $relay_domains. The default transport is relay (which normally is a clone of the smtp transport). 

Syntax is transport:nexthop; see transport(5) for details. The :nexthop part is optional. 


default_transport 
Where to deliver all other non-local mail. The default transport is smtp. 

Syntax is transport:nexthop; see transport(5) for details. The :nexthop part is optional. 


parent_domain_matches_subdomains 
List of Postfix features that use domain.tld patterns to match sub.domain.tld (as opposed to requiring .domain.tld patterns). 


relayhost 
The default host to send non-local mail to when no host is specified with $relay_transport or $default_transport, and when the recipient address does not match the optional transport(5) table. 


transport_maps 
List of tables with recipient or domain to (transport, nexthop) mappings. 


SEE ALSO 
master(8) process manager 
syslogd(8) system logging 
transport(5) transport table format 
relocated(5) format of the "user has moved" table 


LICENSE 
The Secure Mailer license must be distributed with this 
software. 

AUTHOR(S) 


Wietse Venema 

IBM T.J. Watson Research 

P.O. Box 704 

Yorktown Heights, NY 10598, USA 


CLEANUP(8)                                                CLEANUP(8) 
NAME 

cleanup - canonicalize and enqueue Postfix message 
SYNOPSIS 


cleanup [generic Postfix daemon options] 


DESCRIPTION 
The cleanup daemon processes inbound mail, inserts it into 
the incoming mail queue, and informs the queue manager of 
its arrival. 


The cleanup daemon always performs the following transformations: 


o Insert missing message headers: (Resent-) From:, To:, Message-Id:, and Date:. 


o Extract envelope recipient addresses from (Resent-) To:, Cc: and Bcc: message headers when no recipients are specified in the message envelope. 


o Transform envelope and header addresses to the standard user@fully-qualified-domain form that is expected by other Postfix programs. This task is delegated to the trivial-rewrite(8) daemon. 


o Eliminate duplicate envelope recipient addresses. 


The following address transformations are optional: 


o Optionally, rewrite all envelope and header addresses according to the mappings specified in the canonical(5) lookup tables. 


o Optionally, masquerade envelope sender addresses and message header addresses (i.e. strip host or domain information below all domains listed in the masquerade_domains parameter, except for user names listed in masquerade_exceptions). By default, address masquerading does not affect envelope recipients. 


o Optionally, expand envelope recipients according to information found in the virtual(5) lookup tables. 


The cleanup daemon performs sanity checks on the content 
of each message. When it finds a problem, by default it 
returns a diagnostic status to the client, and leaves it 
up to the client to deal with the problem. Alternatively, 
the client can request the cleanup daemon to bounce the 
message back to the sender in case of trouble. 


DIAGNOSTICS 
Problems and transactions are logged to syslogd(8). 

BUGS 
Table-driven rewriting rules make it hard to express if 
then else and other logical relationships. 


CONFIGURATION PARAMETERS 
The following main.cf parameters are specially relevant 
to this program. See the Postfix main.cf file for syntax 
details and for default values. Use the postfix reload 
command after a configuration change. 


Content filtering 
body_checks 
Lookup tables with content filters for message body lines. These filters see physical lines one at a time, in chunks of at most line_length_limit bytes. 


body_checks_size_limit 
The amount of content per message body segment that is subjected to $body_checks filtering. 


header_checks 
mime_header_checks (default: $header_checks) 
nested_header_checks (default: $header_checks) 
Lookup tables with content filters for message header lines: respectively, these are applied to the primary message headers (not including MIME headers), to the MIME headers anywhere in the message, and to the initial headers of attached messages. These filters see logical headers one at a time, including headers that span multiple lines. 
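header_checks and body_checks as an added Python example (not Postfix code and not part of the course): it parses constructed pcre-style "/pattern/flags ACTION text" tables, unfolds multi-line headers so that a header rule sees the logical header as the text above describes, and applies body rules to physical lines one at a time. The rules, the sample message and the IGNORE handling (the line is skipped here, where Postfix would also delete it from the message) are assumptions for the demonstration.

```python
import re
from typing import List, Optional, Tuple

Rule = Tuple[re.Pattern, str, str]

# Constructed tables in regexp-table style: "/pattern/flags ACTION text".
HEADER_CHECKS = r"""
# a folded Subject: line is matched as one logical header
/^Subject:.*make money fast/i    REJECT unsolicited bulk mail
# drop an internal Received: line; IGNORE never rejects
/^Received:.*\[10\./             IGNORE
"""

BODY_CHECKS = r"""
/^begin \d{3} .*\.(exe|vbs|bat)$/i   REJECT uuencoded executable attachment
"""

# Constructed message: a folded Subject: header and a uuencoded attachment line.
SAMPLE_MESSAGE = (
    "Received: from internal.example.org\n"
    "\t(internal.example.org [10.0.0.5])\n"
    "Subject: MAKE MONEY\n"
    " FAST with this offer\n"
    "From: someone@example.net\n"
    "\n"
    "Hello,\n"
    "begin 644 invoice.exe\n"
    "M....\n"
)


def parse_checks(table: str) -> List[Rule]:
    """Parse "/pattern/flags ACTION text" lines into compiled rules."""
    rules: List[Rule] = []
    for line in table.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        m = re.match(r"^/((?:\\/|[^/])+)/([i]*)\s+(\w+)\s*(.*)$", line)
        if not m:
            raise ValueError("unparsable rule: " + line)
        pattern, flags, action, text = m.groups()
        rules.append((re.compile(pattern.replace("\\/", "/"), re.I if "i" in flags else 0),
                      action.upper(), text))
    return rules


def unfold_headers(raw: List[str]) -> List[str]:
    """Join continuation lines (leading space or tab) onto the previous header."""
    logical: List[str] = []
    for line in raw:
        if line[:1] in (" ", "\t") and logical:
            logical[-1] += " " + line.strip()
        else:
            logical.append(line)
    return logical


def split_message(msg: str) -> Tuple[List[str], List[str]]:
    """Split at the first blank line: (logical headers, physical body lines)."""
    head, _, body = msg.partition("\n\n")
    return unfold_headers(head.splitlines()), body.splitlines()


def first_hit(lines: List[str], rules: List[Rule]) -> Optional[Tuple[str, str, str]]:
    """Apply the rules to each line; the first matching rule decides for that line."""
    for line in lines:
        for regex, action, text in rules:
            if regex.search(line):
                if action == "IGNORE":
                    break            # line dropped; go on with the next line
                return action, text, line
    return None


def inspect(msg: str, header_rules: List[Rule], body_rules: List[Rule]) -> Tuple[str, str, str]:
    """Header rules see logical headers; body rules see physical lines."""
    headers, body = split_message(msg)
    return first_hit(headers, header_rules) or first_hit(body, body_rules) or ("OK", "", "")


if __name__ == "__main__":
    print(inspect(SAMPLE_MESSAGE, parse_checks(HEADER_CHECKS), parse_checks(BODY_CHECKS)))
```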


MIME Processing 

disable_mime_input_processing 
While receiving, give no special treatment to Content-Type: message headers; all text after the initial message headers is considered to be part of the message body. 


mime_boundary_length_limit 
The amount of space that will be allocated for MIME multipart boundary strings. The MIME processor is unable to distinguish between boundary strings that do not differ in the first $mime_boundary_length_limit characters. 


mime nesting limit 
The maximal nesting level of multipart mail that 
the MIME processor can handle. Refuse mail that is 
nested deeper. 


strict 8bitmime 
Turn on both strict 7bit headers and strict 8bit- 
mime body. 


strict_7bit_headers 
Reject mail with 8-bit text in message headers. 
This blocks mail from poorly written applications. 

strict_8bitmime_body 
Reject mail with 8-bit text in content that claims 
to be 7-bit, or in content that has no explicit 
content encoding information. This blocks mail 
from poorly written mail software. Unfortunately 
this also breaks majordomo approval requests when 
the included request contains valid 8-bit MIME 
mail, and it breaks bounces from mailers that do 
not properly encapsulate 8-bit content (for example, 
bounces from qmail or from old versions of Postfix). 
strict mime domain encoding 
Reject mail with invalid Content-Transfer-Encoding: 
information for message/* or multipart/*. This 
blocks mail from poorly written software. 




Miscellaneous 

always_bcc 
Address to send a copy of each message that enters 
the system. 

hopcount_limit 
Limit the number of Received: message headers. 

undisclosed_recipients_header 
The header line that is inserted when no recipients 
were specified in (Resent-)To: or (Resent-)Cc: message 
headers. 

Address transformations 

empty_address_recipient 
The destination for undeliverable mail from <>. 
This substitution is done before all other address 
rewriting. 

canonical_maps 
Address mapping lookup table for sender and recipient 
addresses in envelopes and headers. 

recipient_canonical_maps 
Address mapping lookup table for envelope and 
header recipient addresses. 

sender_canonical_maps 
Address mapping lookup table for envelope and 
header sender addresses. 

masquerade_classes 
List of address classes subject to masquerading: 
zero or more of envelope_sender, envelope_recipient, 
header_sender, header_recipient. 

masquerade_domains 
List of domains that hide their subdomain structure. 

masquerade_exceptions 
List of user names that are not subject to address 
masquerading. 

virtual_alias_maps 
Address mapping lookup table for envelope recipient 
addresses. 
Resource controls 

duplicate_filter_limit 
Limits the number of envelope recipients that are 
remembered. 

header_address_token_limit 
Limits the number of address tokens used to process 
a message header. 

header_size_limit 
Limits the amount of memory in bytes used to process 
a message header. 

in_flow_delay 
Amount of time to pause before accepting a message, 
when the message arrival rate exceeds the message 
delivery rate. 

extract_recipient_limit 
Limit the amount of recipients extracted from message 
headers. 


SEE ALSO 
canonical(5) canonical address lookup table format 
qmgr(8) queue manager daemon 
syslogd(8) system logging 
trivial-rewrite(8) address rewriting 
virtual(5) virtual alias lookup table format 

FILES 
/etc/postfix/canonical*, canonical mapping table 
/etc/postfix/virtual*, virtual mapping table 

LICENSE 
The Secure Mailer license must be distributed with this 
software. 

AUTHOR(S) 
Wietse Venema 
IBM T.J. Watson Research 
P.O. Box 704 
Yorktown Heights, NY 10598, USA 

CLEANUP(8) 
Look-up tables under Postfix 

ACCESS(5) 
NAME 
access - format of Postfix access table 
SYNOPSIS 
postmap /etc/postfix/access 
DESCRIPTION 


The optional access table directs the Postfix SMTP server 
to selectively reject or accept mail. Access can be 
allowed or denied for specific host names, domain names, 
networks, host network addresses or mail addresses. 


Normally, the access table is specified as a text file 
that serves as input to the postmap(1) command. The 
result, an indexed file in dbm or db format, is used for 
fast searching by the mail system. Execute the command 
postmap /etc/postfix/access in order to rebuild the 
indexed file after changing the access table. 


When the table is provided via other means such as NIS, 
LDAP or SQL, the same lookups are done as for ordinary 
indexed files. 


Alternatively, the table can be provided as a regular- 
expression map where patterns are given as regular expres- 
sions. In that case, the lookups are done in a slightly 
different way as described below. 


TABLE FORMAT 
The format of the access table is as follows: 


pattern action 
when pattern matches a mail address, domain or host 
address, perform the corresponding action. 


blank lines and comments 
Empty lines and whitespace-only lines are ignored, 
as are lines whose first non-whitespace character 
is a `#'. 


multi-line text 
A logical line starts with non-whitespace text. A 
line that starts with whitespace continues a logi- 
cal line. 


EMAIL ADDRESS PATTERNS 
With lookups from indexed files such as DB or DBM, or from 
networked tables such as NIS, LDAP or SQL, the following 
lookup patterns are examined in the order as listed: 


user@domain 
Matches the specified mail address. 


domain.tld 
Matches domain.tld as the domain part of an email 
address. 


The pattern domain.tld also matches subdomains, but 
only when the string smtpd_access_maps is listed in 
the Postfix parent_domain_matches_subdomains con- 
figuration setting. Otherwise, specify .domain.tld 
(note the initial dot) in order to match subdo- 
mains. 




user@ Matches all mail addresses with the specified user 
part. 

Note: lookup of the null sender address is not possible 
with some types of lookup table. By default, Postfix uses 
<> as the lookup key for such addresses. The value is 
specified with the smtpd_null_access_lookup_key parameter 
in the Postfix main.cf file. 


ADDRESS EXTENSION 
When a mail address localpart contains the optional recipient 
delimiter (e.g., user+foo@domain), the lookup order 
becomes: user+foo@domain, user@domain, domain, user+foo@, 
and user@. 


HOST NAME/ADDRESS PATTERNS 
With lookups from indexed files such as DB or DBM, or from 
networked tables such as NIS, LDAP or SQL, the following 
lookup patterns are examined in the order as listed: 


domain.tld 
Matches domain.tld. 


The pattern domain.tld also matches subdomains, but 
only when the string smtpd_access_maps is listed in 
the Postfix parent_domain_matches_subdomains con- 
figuration setting. Otherwise, specify .domain.tld 
(note the initial dot) in order to match subdo- 
mains. 


net.work.addr.ess 
net.work.addr 
net.work 
net 
Matches any host address in the specified network. 
A network address is a sequence of one or more 
octets separated by ".". 


ACTIONS 
[45]NN text 
Reject the address etc. that matches the pattern, 
and respond with the numerical code and text. 


REJECT Reject the address etc. that matches the pattern. A 
generic error response message is generated. 


OK Accept the address etc. that matches the pattern. 


all-numerical 
An all-numerical result is treated as OK. This for- 
mat is generated by address-based relay authoriza- 
tion schemes. 


restriction... 
Apply the named UCE restriction(s) (permit, reject, 
reject_unauth_destination, and so on). 
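The lookup orders given above for email-address and host-address patterns, together with the address-extension and null-sender rules, are easy to get wrong when writing an access table by hand. The following is an added example for this page, not Postfix code: it parses a constructed access(5) text table and replays the documented key order, so one can see which entry actually decides for a given sender or client. Table contents, addresses and function names are all constructed.

```python
# Constructed access(5) table in its text form (not from the page).
ACCESS_TABLE_TEXT = """
# Blank lines and comment lines are ignored.
spammer@example.org     REJECT
example.org             OK
.partner.example        OK
friend@                 OK
relay.example           12345
192.168.1.13            554 host blocked
192.168                 OK
10                      REJECT
<>                      OK
"""


def parse_table(text):
    """Parse the key/value text form shared by the Postfix lookup tables:
    blank lines and lines whose first non-blank character is '#' are
    skipped, a line starting with whitespace continues the previous
    logical line, the first field is the key and the rest is the value.
    Keys are lowercased, as Postfix folds them for lookups."""
    logical = []
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if line[:1].isspace() and logical:
            logical[-1] += " " + line.strip()
        else:
            logical.append(line.strip())
    table = {}
    for entry in logical:
        fields = entry.split(None, 1)
        table[fields[0].lower()] = fields[1].strip() if len(fields) > 1 else ""
    return table


def address_keys(address, delimiter="+", parent_matches=False, null_key="<>"):
    """Keys tried for a mail address, in access(5) order:
    user+foo@domain, user@domain, domain, user+foo@, user@.
    Parent domains are tried as plain names only when smtpd_access_maps
    is listed in parent_domain_matches_subdomains (parent_matches=True);
    otherwise only the .domain.tld form matches subdomains. The null
    sender is looked up under smtpd_null_access_lookup_key (default <>)."""
    if address in ("", "<>"):
        return [null_key]
    local, _, domain = address.lower().rpartition("@")
    base = local.split(delimiter, 1)[0] if delimiter in local else None
    keys = [f"{local}@{domain}"]
    if base is not None:
        keys.append(f"{base}@{domain}")
    labels = domain.split(".")
    keys.append(domain)
    for i in range(1, len(labels)):
        parent = ".".join(labels[i:])
        keys.append(parent if parent_matches else "." + parent)
    keys.append(f"{local}@")
    if base is not None:
        keys.append(f"{base}@")
    return keys


def host_address_keys(ip):
    """Keys tried for an IPv4 client address: net.work.addr.ess,
    net.work.addr, net.work, net."""
    octets = ip.split(".")
    return [".".join(octets[:n]) for n in range(len(octets), 0, -1)]


def lookup(table, keys):
    """Return (key, action) for the first key present, else (None, None).
    An all-numerical result is treated as OK, as access(5) specifies."""
    for key in keys:
        if key in table:
            action = table[key]
            return key, ("OK" if action.isdigit() else action)
    return None, None


ACCESS = parse_table(ACCESS_TABLE_TEXT)


def check_sender(address, **kw):
    """Action for an envelope sender, or None when no entry matches."""
    return lookup(ACCESS, address_keys(address, **kw))[1]


def check_client(ip):
    """Action for a client IP address, or None when no entry matches."""
    return lookup(ACCESS, host_address_keys(ip))[1]
```

Note the parent_matches caveat: with smtpd_access_maps listed in parent_domain_matches_subdomains, a ".partner.example" entry is never consulted for mail.partner.example, because the lookup then tries the bare parent name "partner.example" instead. Tables written for one setting silently stop matching under the other.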


REGULAR EXPRESSION TABLES 
This section describes how the table lookups change when 
the table is given in the form of regular expressions. For 
a description of regular expression lookup table syntax, 
see regexp_table(5) or pcre_table(5). 

Each pattern is a regular expression that is applied to 
the entire string being looked up. Depending on the application, 
that string is an entire client hostname, an 
entire client IP address, or an entire mail address. Thus, 
no parent domain or parent network search is done, 
user@domain mail addresses are not broken up into their 
user@ and domain constituent parts, nor is user+foo broken 
up into user and foo. 


Patterns are applied in the order as specified in the 
table, until a pattern is found that matches the search 
string. 


Actions are the same as with indexed file lookups, with 
the additional feature that parenthesized substrings from 
the pattern can be interpolated as $1, $2 and so on. 


BUGS 
The table format does not understand quoting conventions. 

SEE ALSO 
postmap(1) create mapping table 
smtpd(8) smtp server 
pcre_table(5) format of PCRE tables 
regexp_table(5) format of POSIX regular expression tables 

LICENSE 
The Secure Mailer license must be distributed with this 
software. 

AUTHOR(S) 
Wietse Venema 
IBM T.J. Watson Research 
P.O. Box 704 
Yorktown Heights, NY 10598, USA 


74_Mail_Services.sxw - 79 


Linux-Kurs Themen - Mail Services - June 14, 2009 Michel Bisson 


ALIASES(5) 


NAME 
aliases - format of the Postfix alias database 


SYNOPSIS 
newaliases 


DESCRIPTION 
The aliases table provides a system-wide mechanism to 
redirect mail for local recipients. The redirections are 
processed by the Postfix local(8) delivery agent. 


Normally, the aliases table is specified as a text file 
that serves as input to the postalias(1) command. The 
result, an indexed file in dbm or db format, is used for 
fast lookup by the mail system. Execute the command 
newaliases in order to rebuild the indexed file after 
changing the Postfix alias database. 


The input and output file formats are expected to be com- 
patible with Sendmail version 8, and are expected to be 
suitable for the use as NIS maps. 


Users can control delivery of their own mail by setting up 
.forward files in their home directory. Lines in per-user 
.forward files have the same syntax as the right-hand side 
of aliases entries. 


The format of the alias database input file is as follows: 

o An alias definition has the form 

name: value1, value2, ... 

o Empty lines and whitespace-only lines are ignored, 
as are lines whose first non-whitespace character 
is a `#'. 

o A logical line starts with non-whitespace text. A 
line that starts with whitespace continues a logical 
line. 

The name is a local address (no domain part). Use double 
quotes when the name contains any special characters such 
as whitespace, `#', `:', or `@'. The name is folded to 
lowercase, in order to make database lookups case insensitive. 


In addition, when an alias exists for owner-name, delivery 
diagnostics are directed to that address, instead of to 
the originator. This is typically used to direct delivery 
errors to the owner of a mailing list, who is in a better 
position to deal with mailing list delivery problems than 
the originator of the undelivered mail. 


The value contains one or more of the following: 
address 


Mail is forwarded to address, which is compatible 
with the RFC 822 standard. 
/file/name 
Mail is appended to /file/name. See local(8) for 
details of delivery to file. Delivery is not limited 
to regular files. For example, to dispose of 
unwanted mail, deflect it to /dev/null. 

|command 
Mail is piped into command. Commands that contain 
special characters, such as whitespace, should be 
enclosed between double quotes. See local(8) for 
details of delivery to command. 

When the command fails, a limited amount of command 
output is mailed back to the sender. The file 
/usr/include/sysexits.h defines the expected exit 
status codes. For example, use |"exit 67" to simulate 
a "user unknown" error, and |"exit 0" to 
implement an expensive black hole. 

:include:/file/name 
Mail is sent to the destinations listed in the 
named file. Lines in :include: files have the same 
syntax as the right-hand side of alias entries. 

A destination can be any destination that is 
described in this manual page. However, delivery to 
"|command" and /file/name is disallowed by default. 
To enable, edit the allow_mail_to_commands and 
allow_mail_to_files configuration parameters. 


ADDRESS EXTENSION 
When alias database search fails, and the recipient localpart 
contains the optional recipient delimiter (e.g., 
user+foo), the search is repeated for the unextended 
address (e.g., user). 
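The alias expansion rules above, in particular that "|command" and /file/name destinations reached through an :include: file are refused unless allow_mail_to_commands or allow_mail_to_files is enabled, and that an owner-name alias redirects delivery diagnostics, can be modelled in a few dozen lines. This is an added example written for this page, not Postfix or local(8) code; the alias database, the :include: file contents, the loop bound MAX_DEPTH and the function names are all constructed.

```python
# Constructed alias database and :include: file contents (not from the page).
ALIASES = {
    "postmaster": ["root"],
    "root": ["sysadmin@example.com"],
    "announce": [":include:/etc/postfix/announce-list"],
    "owner-announce": ["listadmin@example.com"],
    "trash": ["/dev/null"],
    "autoreply": ['|"/usr/local/bin/vacation alice"'],
}
INCLUDE_FILES = {
    "/etc/postfix/announce-list": [
        "alice@example.com",
        "bob@example.com",
        "|/usr/local/bin/archive-announce",
    ],
}
MAX_DEPTH = 20  # assumed loop guard for this example, not a Postfix value


def lookup_alias(local, aliases, delimiter="+"):
    """Alias lookup with the address-extension fallback: try user+foo,
    then user. Names are folded to lowercase."""
    key = local.lower()
    if key in aliases:
        return key, aliases[key]
    base = key.split(delimiter, 1)[0]
    if base != key and base in aliases:
        return base, aliases[base]
    return None, None


def expand(local, aliases=ALIASES, include_files=INCLUDE_FILES,
           allow_mail_to_commands=False, allow_mail_to_files=False, depth=0):
    """Expand a local recipient. Returns the final deliveries, the
    destinations refused by policy, and the envelope sender to use
    (the owner-name alias, when one exists)."""
    if depth > MAX_DEPTH:
        raise RuntimeError(f"alias expansion too deep at {local}")
    key, values = lookup_alias(local, aliases)
    out = {"deliver": [], "refused": [], "owner": None}
    if values is None:
        out["deliver"].append(("mailbox", local.lower()))
        return out
    owner = aliases.get(f"owner-{key}")
    if owner:
        out["owner"] = owner[0]
    _expand_values(values, out, aliases, include_files,
                   allow_mail_to_commands, allow_mail_to_files, depth, False)
    return out


def _expand_values(values, out, aliases, include_files, allow_cmd, allow_file,
                   depth, from_include):
    for value in values:
        value = value.strip()
        if value.startswith(":include:"):
            path = value[len(":include:"):].strip()
            # Destinations listed in an :include: file are subject to
            # allow_mail_to_commands / allow_mail_to_files.
            _expand_values(include_files.get(path, []), out, aliases,
                           include_files, allow_cmd, allow_file, depth + 1, True)
        elif value.startswith("|"):
            command = value[1:].strip().strip('"')
            if from_include and not allow_cmd:
                out["refused"].append(("command", command))
            else:
                out["deliver"].append(("command", command))
        elif value.startswith("/"):
            if from_include and not allow_file:
                out["refused"].append(("file", value))
            else:
                out["deliver"].append(("file", value))
        elif "@" in value:
            out["deliver"].append(("address", value))
        else:
            # a bare name is another local recipient: recurse
            sub = expand(value, aliases, include_files, allow_cmd, allow_file, depth + 1)
            out["deliver"].extend(sub["deliver"])
            out["refused"].extend(sub["refused"])
```

The point to take from the refused list is that the :include: file is typically writable by a list maintainer rather than by root, so a command or file destination placed there would run or write with the local delivery agent's privileges; the defaults keep that off until an administrator opts in.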


CONFIGURATION PARAMETERS 
The following main.cf parameters are especially relevant 
to this topic. See the Postfix main.cf file for syntax 
details and for default values. Use the postfix reload 
command after a configuration change. 

alias_maps 
List of alias databases. 

allow_mail_to_commands 
Restrict the usage of mail delivery to external 
command. 

allow_mail_to_files 
Restrict the usage of mail delivery to external 
file. 

expand_owner_alias 
When delivering to an alias that has an owner- companion 
alias, set the envelope sender address to 
the right-hand side of the owner alias, instead of 
using the left-hand side address. 

owner_request_special 
Give special treatment to owner-xxx and xxx-request 
addresses. 

recipient_delimiter 
Delimiter that separates recipients from address 
extensions. 




BUGS 
Regular expression alias lookup tables are allowed, but 
substitution of $1 etc. is forbidden because that would 
open a security loophole. 

STANDARDS 
RFC 822 (ARPA Internet Text Messages) 

SEE ALSO 
local(8) local delivery agent 
newaliases(1) alias database management 
regexp_table(5) POSIX regular expression table format 
pcre_table(5) Perl Compatible Regular Expression table format 

LICENSE 
The Secure Mailer license must be distributed with this 
software. 

AUTHOR(S) 
Wietse Venema 
IBM T.J. Watson Research 
P.O. Box 704 
Yorktown Heights, NY 10598, USA 

ALIASES(5) 
CANONICAL(5) 
NAME 
canonical - format of Postfix canonical table 
SYNOPSIS 
postmap /etc/postfix/canonical 
DESCRIPTION 


The optional canonical table specifies an address mapping 
for local and non-local addresses. The mapping is used by 
the cleanup(8) daemon. The address mapping is recursive. 


Normally, the canonical table is specified as a text file 
that serves as input to the postmap(1) command. The 
result, an indexed file in dbm or db format, is used for 
fast searching by the mail system. Execute the command 
postmap /etc/postfix/canonical in order to rebuild the 
indexed file after changing the text file. 


When the table is provided via other means such as NIS, 
LDAP or SQL, the same lookups are done as for ordinary 
indexed files. 


Alternatively, the table can be provided as a regular- 
expression map where patterns are given as regular expres- 
sions. In that case, the lookups are done in a slightly 
different way as described below. 


The canonical mapping affects both message header 
addresses (i.e. addresses that appear inside messages) and 
message envelope addresses (for example, the addresses 
that are used in SMTP protocol commands). Think Sendmail 
rule set S3, if you like. 


Typically, one would use the canonical table to replace 
login names by Firstname.Lastname, or to clean up 
addresses produced by legacy mail systems. 


The canonical mapping is not to be confused with virtual 
domain support. Use the virtual(5) map for that purpose. 


The canonical mapping is not to be confused with local 
aliasing. Use the aliases(5) map for that purpose. 


TABLE FORMAT 
The format of the canonical table is as follows: 


pattern result 
When pattern matches a mail address, replace it by 
the corresponding result. 


blank lines and comments 

Empty lines and whitespace-only lines are ignored, 
as are lines whose first non-whitespace character 
is a `#'. 


multi-line text 
A logical line starts with non-whitespace text. A 
line that starts with whitespace continues a logi- 
cal line. 


With lookups from indexed files such as DB or DBM, or from 
networked tables such as NIS, LDAP or SQL, patterns are 
tried in the order as listed below: 
user@domain address 
user@domain is replaced by address. This form has 
the highest precedence. 


This form is useful to clean up addresses produced by 
legacy mail systems. It can also be used to pro- 
duce Firstname.Lastname style addresses, but see 
below for a simpler solution. 


user address 
user@site is replaced by address when site is equal 
to $myorigin, when site is listed in $mydestination, 
or when it is listed in $inet_interfaces. 


This form is useful for replacing login names by 
Firstname.Lastname. 


@domain address 
Every address in domain is replaced by address. 
This form has the lowest precedence. 


In all the above forms, when address has the form @other- 
domain, the result is the same user in otherdomain. 


ADDRESS EXTENSION 
When a mail address localpart contains the optional recip- 
ient delimiter (e.g., user+foo@domain), the lookup order 
becomes: user+foo@domain, user@domain, user+foo, user, and 
@domain. An unmatched address extension (+foo) is propa- 
gated to the result of table lookup. 
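The three canonical(5) forms and their precedence, the condition under which the bare user form applies, the propagation of an unmatched +foo extension and the recursive nature of the mapping all interact. The following is an added example written for this page, not cleanup(8) code: the table, the set of local sites standing in for $myorigin, $mydestination and $inet_interfaces, the recursion bound and the function names are constructed.

```python
# Constructed canonical(5) table and local site list (not from the page).
CANONICAL = {
    "jdoe@legacy.example.com": "john.doe@example.com",
    "jdoe": "john.doe@example.com",
    "root": "sysadmin@example.com",
    "@legacy.example.com": "@oldname.example.com",
    "@oldname.example.com": "@example.com",
}
# Stand-in for the domains in $myorigin, $mydestination and $inet_interfaces.
LOCAL_SITES = {"example.com", "mail.example.com", "localhost"}
# Assumed bound for this example; the page says the mapping is recursive
# but gives no limit.
MAX_RECURSION = 10


def canonical_once(address, table, local_sites, delimiter="+"):
    """One canonical(5) lookup. Order: user+foo@domain, user@domain,
    then user+foo and user (only when the site is local), then @domain.
    An unmatched +foo extension is carried over to the result, and a
    result of the form @otherdomain keeps the user part."""
    local, _, domain = address.lower().rpartition("@")
    base, ext = (local.split(delimiter, 1) + [None])[:2]
    # (key, does this key already include the extension?)
    candidates = [(f"{local}@{domain}", True)]
    if ext is not None:
        candidates.append((f"{base}@{domain}", False))
    if domain in local_sites:
        candidates.append((local, True))
        if ext is not None:
            candidates.append((base, False))
    candidates.append((f"@{domain}", False))
    for key, ext_matched in candidates:
        if key in table:
            result = table[key]
            carry = ext if (ext is not None and not ext_matched) else None
            break
    else:
        return address
    if result.startswith("@"):
        # same user (extension included) in the other domain
        return f"{local}@{result[1:]}"
    rlocal, _, rdomain = result.rpartition("@")
    if carry is not None:
        rlocal = f"{rlocal}{delimiter}{carry}"
    return f"{rlocal}@{rdomain}" if rdomain else rlocal


def canonicalize(address, table=CANONICAL, local_sites=LOCAL_SITES):
    """Apply the mapping recursively until it stops changing the address;
    refuse tables that loop."""
    seen = [address]
    for _ in range(MAX_RECURSION):
        new = canonical_once(seen[-1], table, local_sites)
        if new == seen[-1]:
            return new
        seen.append(new)
    raise RuntimeError("canonical mapping loops: " + " -> ".join(seen))
```

Two things the tests below make visible: the bare "jdoe" entry rewrites jdoe@example.com but leaves jdoe@remote.example.net alone, because the user form is only consulted for local sites, and a chain of @domain entries is followed hop by hop, so a loop in the table has to be guarded against.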


REGULAR EXPRESSION TABLES 
This section describes how the table lookups change when 
the table is given in the form of regular expressions. For 
a description of regular expression lookup table syntax, 
see regexp_table(5) or pcre_table(5). 


Each pattern is a regular expression that is applied to 
the entire address being looked up. Thus, user@domain mail 
addresses are not broken up into their user and @domain 
constituent parts, nor is user+foo broken up into user and 
foo. 


Patterns are applied in the order as specified in the 
table, until a pattern is found that matches the search 
string. 


Results are the same as with indexed file lookups, with 
the additional feature that parenthesized substrings from 
the pattern can be interpolated as $1, $2 and so on. 


BUGS 
The table format does not understand quoting conventions. 


CONFIGURATION PARAMETERS 
The following main.cf parameters are especially relevant 
to this topic. See the Postfix main.cf file for syntax 
details and for default values. Use the postfix reload 
command after a configuration change. 
canonical_maps 
List of canonical mapping tables. 


recipient_canonical_maps 
Address mapping lookup table for envelope and 
header recipient addresses. 
sender_canonical_maps 
Address mapping lookup table for envelope and 
header sender addresses. 


Other parameters of interest: 


inet_interfaces 
The network interface addresses that this system 
receives mail on. 


masquerade_classes 
List of address classes subject to masquerading: 
zero or more of envelope_sender, envelope_recipi- 
ent, header_sender, header_recipient. 


masquerade_domains 
List of domains that hide their subdomain struc- 
ture. 


masquerade_exceptions 
List of user names that are not subject to address 
masquerading. 


mydestination 
List of domains that this mail system considers 
local. 


myorigin 
The domain that is appended to locally-posted mail. 


owner_request_special 
Give special treatment to owner-xxx and xxx-request 
addresses. 


SEE ALSO 
cleanup(8) canonicalize and enqueue mail 
postmap(1) create mapping table 
virtual(5) virtual domain mapping 
pcre_table(5) format of PCRE tables 
regexp_table(5) format of POSIX regular expression tables 

LICENSE 
The Secure Mailer license must be distributed with this 
software. 

AUTHOR(S) 
Wietse Venema 
IBM T.J. Watson Research 
P.O. Box 704 
Yorktown Heights, NY 10598, USA 

CANONICAL(5) 


NAME 
canonical - format of Postfix canonical table 


SYNOPSIS 
postmap /etc/postfix/canonical 


postmap -q "string" /etc/postfix/canonical 
postmap -q - /etc/postfix/canonical <inputfile 


DESCRIPTION 

The optional canonical table specifies an address mapping 
for local and non-local addresses. The mapping is used by 
the cleanup(8) daemon. The address mapping is recursive. 


Normally, the canonical table is specified as a text file 
that serves as input to the postmap(1) command. The 
result, an indexed file in dbm or db format, is used for 
fast searching by the mail system. Execute the command 
postmap /etc/postfix/canonical in order to rebuild the 
indexed file after changing the text file. 


When the table is provided via other means such as NIS, 
LDAP or SQL, the same lookups are done as for ordinary 
indexed files. 


Alternatively, the table can be provided as a regular- 
expression map where patterns are given as regular expres- 
sions. In that case, the lookups are done in a slightly 
different way as described below. 


The canonical mapping affects both message header 
addresses (i.e. addresses that appear inside messages) and 
message envelope addresses (for example, the addresses 
that are used in SMTP protocol commands). Think Sendmail 
rule set S3, if you like. 

Typically, one would use the canonical table to replace 
login names by Firstname.Lastname, or to clean up 
addresses produced by legacy mail systems. 

The canonical mapping is not to be confused with virtual 
domain support. Use the virtual(5) map for that purpose. 


The canonical mapping is not to be confused with local 
aliasing. Use the aliases(5) map for that purpose. 


TABLE FORMAT 
The format of the canonical table is as follows: 


pattern result 
When pattern matches a mail address, replace it by 
the corresponding result. 


blank lines and comments 

Empty lines and whitespace-only lines are ignored, 
as are lines whose first non-whitespace character 
is a `#'. 
multi-line text 
A logical line starts with non-whitespace text. A 
line that starts with whitespace continues a logi- 
cal line. 


With lookups from indexed files such as DB or DBM, or from 
networked tables such as NIS, LDAP or SQL, patterns are 
tried in the order as listed below: 


user@domain address 
user@domain is replaced by address. This form has 
the highest precedence. 

This is useful to clean up addresses produced by 
legacy mail systems. It can also be used to produce 
Firstname.Lastname style addresses, but see 
below for a simpler solution. 


user address 
user@site is replaced by address when site is equal 
to $myorigin, when site is listed in $mydestination, 
or when it is listed in $inet_interfaces. 


This form is useful for replacing login names by 
Firstname.Lastname. 


@domain address 
Every address in domain is replaced by address. 
This form has the lowest precedence. 


In all the above forms, when address has the form @other- 
domain, the result is the same user in otherdomain. 


ADDRESS EXTENSION 
When a mail address localpart contains the optional recipient 
delimiter (e.g., user+foo@domain), the lookup order 
becomes: user+foo@domain, user@domain, user+foo, user, and 
@domain. An unmatched address extension (+foo) is propagated 
to the result of table lookup. 


REGULAR EXPRESSION TABLES 
This section describes how the table lookups change when 
the table is given in the form of regular expressions. For 
a description of regular expression lookup table syntax, 


see regexp_table(5) or pcre_table(5). 


Each pattern is a regular expression that is applied to 
the entire address being looked up. Thus, user@domain mail 
addresses are not broken up into their user and @domain 
constituent parts, nor is user+foo broken up into user and 
foo. 


Patterns are applied in the order as specified in the 
table, until a pattern is found that matches the search 
string. 


Results are the same as with indexed file lookups, with 
the additional feature that parenthesized substrings from 
the pattern can be interpolated as $1, $2 and so on. 


BUGS 


The table format does not understand quoting conventions. 
CONFIGURATION PARAMETERS 
The following main.cf parameters are especially relevant 
to this topic. See the Postfix main.cf file for syntax 
details and for default values. Use the postfix reload 
command after a configuration change. 

canonical_maps 
List of canonical mapping tables. 

recipient_canonical_maps 
Address mapping lookup table for envelope and 
header recipient addresses. 

sender_canonical_maps 
Address mapping lookup table for envelope and 
header sender addresses. 

Other parameters of interest: 

inet_interfaces 
The network interface addresses that this system 
receives mail on. You need to stop and start Postfix 
when this parameter changes. 

masquerade_classes 
List of address classes subject to masquerading: 
zero or more of envelope_sender, envelope_recipient, 
header_sender, header_recipient. 

masquerade_domains 
List of domains that hide their subdomain structure. 

masquerade_exceptions 
List of user names that are not subject to address 
masquerading. 

mydestination 
List of domains that this mail system considers 
local. 

myorigin 
The domain that is appended to locally-posted mail. 

owner_request_special 
Give special treatment to owner-xxx and xxx-request 
addresses. 


SEE ALSO 
cleanup(8) canonicalize and enqueue mail 
postmap(1) create mapping table 
virtual(5) virtual domain mapping 
pcre_table(5) format of PCRE tables 
regexp_table(5) format of POSIX regular expression tables 

LICENSE 
The Secure Mailer license must be distributed with this 
software. 

AUTHOR(S) 
Wietse Venema 

RELOCATED(5) 
NAME 
relocated - format of Postfix relocated table 
SYNOPSIS 
postmap /etc/postfix/relocated 
DESCRIPTION 
The optional relocated table provides the information that 
is used in "user has moved to new_location" bounce mes- 
sages. 


Normally, the relocated table is specified as a text file 


that serves as input to the postmap(1) command. The 
result, an indexed file in dbm or db format, is used for 
fast searching by the mail system. Execute the command 


postmap /etc/postfix/relocated in order to rebuild the 
indexed file after changing the relocated table. 


When the table is provided via other means such as NIS, 
LDAP or SQL, the same lookups are done as for ordinary 
indexed files. 


Alternatively, the table can be provided as a regular- 
expression map where patterns are given as regular expres- 
sions. In that case, the lookups are done in a slightly 
different way as described below. 


Table lookups are case insensitive. 


TABLE FORMAT 
The format of the table is as follows: 


o An entry has the following form: 
key new_location 
Where new_location specifies contact information 
such as an email address, or perhaps a street 
address or telephone number. 


o Empty lines and whitespace-only lines are ignored, 
as are lines whose first non-whitespace character 
is a `#'. 


o A logical line starts with non-whitespace text. A 
line that starts with whitespace continues a logi- 
cal line. 


With lookups from indexed files such as DB or DBM, or from 
networked tables such as NIS, LDAP or SQL, the key field 
is one of the following: 


user@domain 
Matches user@domain. This form has precedence over 
all other forms. 


user Matches user@site when site is $myorigin, when site 
is listed in $mydestination, or when site is listed 
in $inet_interfaces. 
@domain 
Matches every address in domain. This form has the 
lowest precedence. 

ADDRESS EXTENSION 
When a mail address localpart contains the optional recipient 
delimiter (e.g., user+foo@domain), the lookup order 
becomes: user+foo@domain, user@domain, user+foo, user, and 
@domain. 




TRANSPORT(5) 
NAME 
transport - format of Postfix transport table 
SYNOPSIS 
postmap /etc/postfix/transport 
DESCRIPTION 

The optional transport table specifies a mapping from 
domain hierarchies to message delivery transports and/or 
relay hosts. The mapping is used by the trivial-rewrite(8) 
daemon. 


Normally, the transport table is specified as a text file 
that serves as input to the postmap(1) command. The 
result, an indexed file in dbm or db format, is used for 
fast searching by the mail system. Execute the command 
postmap /etc/postfix/transport in order to rebuild the 
indexed file after changing the transport table. 

When the table is provided via other means such as NIS, 
LDAP or SQL, the same lookups are done as for ordinary 
indexed files. 


Alternatively, the table can be provided as a regular- 
expression map where patterns are given as regular expres- 
sions. In that case, the lookups are done in a slightly 
different way as described below. 


TABLE FORMAT 
The format of the transport table is as follows: 


pattern result 
When pattern matches the domain, use the corresponding 
result. A pattern of `*' matches all 
entries. 


blank lines and comments 
Empty lines and whitespace-only lines are ignored, 
as are lines whose first non-whitespace character 
is a `#'. 


multi-line text 
A logical line starts with non-whitespace text. A 
line that starts with whitespace continues a logi- 
cal line. 


With lookups from indexed files such as DB or DBM, or from 
networked tables such as NIS, LDAP or SQL, patterns are 
tried in the order as listed below: 

domain transport:nexthop 
Mail for domain is delivered through transport to 
nexthop. 

.domain transport:nexthop 
Mail for any subdomain of domain is delivered 
through transport to nexthop. This applies only 
when the string transport_maps is not listed in the 
parent_domain_matches_subdomains configuration setting. 
Otherwise, a domain name matches itself and 
its subdomains. 

An empty result (i.e. default transport, default nexthop) 
behaves as though the transport map did not exist. When 
combined with a wildcard (`*') entry, this can be used to 
route internal mail directly, while using a relay for all 
outbound traffic. (Note that you should _NOT_ set 
relayhost in this case.) 

.my.domain 


Note: transport map entries take precedence over domains 
specified in the mydestination parameter. If you use the 
optional transport map, it may be safer to specify 
explicit entries for all domains specified in mydestina- 
tion, for example: 


hostname.my.domain local: 
localhost.my.domain local: 


The interpretation of the nexthop field is transport 
dependent. In the case of SMTP, specify host:service for a 
non-default server port, and use [host] or [host]:port in 
order to disable MX (mail exchanger) DNS lookups. The [] 
form can also be used with IP addresses instead of hostnames. 


EXAMPLES 
In order to send mail for foo.org and its subdomains via 
the uucp transport to the UUCP host named foo: 


foo.org uucp:foo 
.foo.org uucp:foo 


When no nexthop host name is specified, the destination 
domain name is used instead. For example, the following 
directs mail for user@foo.org via the slow transport to a 
mail exchanger for foo.org. The slow transport could be 
something that runs at most one delivery process at a 
time: 


foo.org slow: 


When no transport is specified, the default transport is 
used, as specified via the default_transport configuration 
parameter. The following sends all mail for foo.org and 
its subdomains to host gateway.foo.org: 


foo.org :[gateway.foo.org] 
.foo.org :[gateway.foo.org] 

In the above example, the [] are used to suppress MX 
lookups. The result would likely point to your local 
machine. 


In the case of delivery via SMTP, one may specify host- 
name:service instead of just a host: 


foo.org smtp:bar.org:2025 
This directs mail for user@foo.org to host bar.org port 
2025. Instead of a numerical port a symbolic name may be 
used. Specify [] around the hostname in order to disable 
MX lookups. 


The error mailer can be used to bounce mail: 
.foo.org error:mail for *.foo.org is not deliverable 
This causes all mail for user@anything.foo.org to be bounced. 
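As an added example (not part of the manual page and not Postfix code), the following Python simulates the indexed-table lookup order described above: the full domain, then the parent domains in ".parent" form (and in bare "parent" form when transport_maps is listed in parent_domain_matches_subdomains), then the "*" wildcard, with an empty result meaning "default transport, default nexthop". The table contents are constructed from the entries in these EXAMPLES plus a wildcard relay, and the order in which the dotted and bare parent forms are tried at one level is an assumption of the example.

```python
"""Simulate Postfix transport(5) table lookups (added example, not Postfix code)."""


def parse_transport_table(text):
    """Parse transport-table text into {pattern: result}.

    Comments, blank lines and whitespace-led continuation lines are handled
    as in the TABLE FORMAT sections of these manual pages.
    """
    logical = []
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0].isspace() and logical:          # continuation line
            logical[-1] += " " + raw.strip()
        else:
            logical.append(raw.strip())
    table = {}
    for line in logical:
        parts = line.split(None, 1)
        table[parts[0].lower()] = parts[1].strip() if len(parts) > 1 else ""
    return table


def lookup_transport(domain, table, parent_matches_subdomains=False):
    """Return the raw result for `domain`, or None when nothing matches."""
    domain = domain.lower()
    if domain in table:
        return table[domain]
    labels = domain.split(".")
    # Walk up the parent domains: for a.b.c try b.c, then c.  At each level
    # the ".parent" form is tried first; the bare "parent" form only counts
    # when parent_domain_matches_subdomains includes transport_maps.
    # (Assumption: this ordering is the example's, not taken from Postfix.)
    for i in range(1, len(labels)):
        parent = ".".join(labels[i:])
        if "." + parent in table:
            return table["." + parent]
        if parent_matches_subdomains and parent in table:
            return table[parent]
    return table.get("*")


def split_result(result):
    """Split "transport:nexthop"; an empty field means "use the default"."""
    if not result:
        return ("", "")
    transport, _, nexthop = result.partition(":")
    return (transport, nexthop)


def route(address, table, parent_matches_subdomains=False):
    """Resolve a recipient address to (transport, nexthop) via the table."""
    domain = address.rsplit("@", 1)[-1]
    return split_result(lookup_transport(domain, table, parent_matches_subdomains))


# Constructed sample table, built from the entries in the EXAMPLES section
# plus an "internal mail direct, everything else via a relay" wildcard.
SAMPLE_TABLE = parse_transport_table("""
foo.org            uucp:foo
.foo.org           uucp:foo
bar.org            slow:
baz.org            :[gateway.baz.org]
.baz.org           :[gateway.baz.org]
example.net        smtp:relay.example.net:2025
.bad.example       error:mail for *.bad.example is not deliverable
internal.example
*                  smtp:[relay.example.com]
""")

if __name__ == "__main__":
    for addr in ("user@foo.org", "user@host.foo.org", "user@bar.org",
                 "user@host.bar.org", "user@internal.example",
                 "user@x.bad.example", "user@elsewhere.org"):
        print(f"{addr:26} -> {route(addr, SAMPLE_TABLE)}")
        print(f"{addr:26} -> {route(addr, SAMPLE_TABLE, True)}  (pdms)")
```

Note the difference for user@host.bar.org: without parent_domain_matches_subdomains the bare bar.org entry does not cover the subdomain and the wildcard relay wins; with it, the slow transport is chosen. That is the configuration-dependent behaviour the first paragraph of this section warns about.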


REGULAR EXPRESSION TABLES 
This section describes how the table lookups change when 
the table is given in the form of regular expressions. For 
a description of regular expression lookup table syntax, 
see regexp_table(5) or pcre_table(5).


Each pattern is a regular expression that is applied to
the entire domain being looked up. Thus, some.domain.hierarchy
is not broken up into parent domains.


Patterns are applied in the order as specified in the
table, until a pattern is found that matches the search 
string. 


Results are the same as with indexed file lookups, with 
the additional feature that parenthesized substrings from 
the pattern can be interpolated as $1, $2 and so on. 


CONFIGURATION PARAMETERS 
The following main.cf parameters are especially relevant 
to this topic. See the Postfix main.cf file for syntax 
details and for default values. Use the postfix reload 
command after a configuration change. 


parent_domain_matches_subdomains 
List of Postfix features that use domain.tld pat- 
terns to match sub.domain.tld (as opposed to 
requiring .domain.tld patterns). 


transport_maps 
List of transport lookup tables. 


Other parameters of interest: 


default_transport 
The transport to use when no transport is explic- 
itly specified. 


relayhost 
The default host to send to when no transport table 
entry matches. 


SEE ALSO 
postmap(1) create mapping table
trivial-rewrite(8) rewrite and resolve addresses
pcre_table(5) format of PCRE tables
regexp_table(5) format of POSIX regular expression tables


VIRTUAL(5)                                          VIRTUAL(5)
NAME
virtual - format of Postfix virtual table
SYNOPSIS 
postmap /etc/postfix/virtual 
DESCRIPTION 
The optional virtual table specifies address redirections 
for local and non-local recipients or domains. The
redirections are used by the cleanup(8) daemon. The
redirections are recursive.


The virtual redirection is applied only to recipient enve- 
lope addresses, and does not affect message headers. 
Think Sendmail rule set S0, if you like. Use canonical(5) 
mapping to rewrite header and envelope addresses in gen- 
eral. 


Normally, the virtual table is specified as a text file 
that serves as input to the postmap(1) command. The 
result, an indexed file in dbm or db format, is used for 
fast searching by the mail system. Execute the command 
postmap /etc/postfix/virtual in order to rebuild the 
indexed file after changing the text file. 


When the table is provided via other means such as NIS,
LDAP or SQL, the same lookups are done as for ordinary 
indexed files. 


Alternatively, the table can be provided as a regular- 
expression map where patterns are given as regular expres- 
sions. In that case, the lookups are done in a slightly 
different way as described below. 


POSTFIX-STYLE VIRTUAL DOMAINS 
With a Postfix-style virtual domain, the virtual domain 
has its own user name space. Local (i.e. non-virtual) 
usernames are not visible in a Postfix-style virtual 
domain. In particular, local aliases(5) and mailing lists 
are not visible as localname@virtual.domain. 


Use a Sendmail-style virtual domain (see below) if local 
usernames, aliases(5) or mailing lists should be visible 
as localname@virtual.domain. 


Support for a Postfix-style virtual domain looks like: 


/etc/postfix/virtual: 
virtual.domain anything (right-hand content does not matter) 
postmaster@virtual.domain postmaster 


user1@virtual.domain address1
user2@virtual.domain address2, address3 


The virtual.domain anything entry is required for a Post- 
fix-style virtual domain. 


Do not list a Postfix-style virtual domain in the main.cf 
mydestination configuration parameter. Such an entry is 
required only for a Sendmail-style virtual domain. 


With a Postfix-style virtual domain, the Postfix SMTP
server accepts mail for known-user@virtual.domain and 
rejects mail for unknown-user@virtual.domain as undeliver- 
able. 


SENDMAIL-STYLE VIRTUAL DOMAINS 
With a Sendmail-style virtual domain, every local (i.e.
non-virtual) username is visible in the virtual domain. In
particular, every local alias and mailing list is visible
as localname@virtual.domain. 


Use a Postfix-style virtual domain (see above) if local 
usernames, aliases(5) or mailing lists should not be visi- 
ble as localname@virtual.domain. 


Support for a Sendmail-style virtual domain looks like: 


/etc/postfix/main.cf: 
mydestination = $myhostname localhost.$mydomain $mydomain 
virtual.domain 


/etc/postfix/virtual: 
user1@virtual.domain address1
user2@virtual.domain address2, address3 


The main.cf mydestination entry is required for a Send- 
mail-style virtual domain. 


Do not specify a virtual.domain anything virtual map entry 
for a Sendmail-style virtual domain. Such an entry is 
required only with a Postfix-style virtual domain. 


With a Sendmail-style virtual domain, the Postfix local
delivery agent delivers mail for an unknown user@vir- 
tual.domain to a local (i.e. non-virtual) user that has 
the same name; if no such recipient exists, the Postfix 
local delivery agent bounces the mail to the sender. 


TABLE FORMAT 
The format of the virtual table is as follows, mappings 
being tried in the order as listed in this manual page: 


pattern result 
When pattern matches a mail address, replace it by 
the corresponding result. 


blank lines and comments 
Empty lines and whitespace-only lines are ignored, 
as are lines whose first non-whitespace character 
is a `#'.


multi-line text 
A logical line starts with non-whitespace text. A 
line that starts with whitespace continues a logi- 
cal line. 


With lookups from indexed files such as DB or DBM, or from
networked tables such as NIS, LDAP or SQL, patterns are
tried in the order as listed below:


user@domain address, address, ...
Mail for user@domain is redirected to address. 
This form has the highest precedence. 


user address, address, ...
Mail for user@site is redirected to address when
site is equal to $myorigin, when site is listed in
$mydestination, or when it is listed in
$inet_interfaces.


This functionality overlaps with functionality of
the local aliases(5) database. The difference is that
virtual mapping can be applied to non-local 
addresses. 


@domain address, address, ...
Mail for any user in domain is redirected to 
address. This form has the lowest precedence. 


In all the above forms, when address has the form @other- 
domain, the result is the same user in otherdomain. This 
works for the first address in the expansion only. 


ADDRESS EXTENSION 
when a mail address localpart contains the optional recip- 
ient delimiter (e.g., user+foo@domain), the lookup order
becomes: user+foo@domain, user@domain, user+foo, user, and 
@domain. An unmatched address extension (+foo) is propa- 
gated to the result of table lookup. 


REGULAR EXPRESSION TABLES 
This section describes how the table lookups change when 
the table is given in the form of regular expressions. For 
a description of regular expression lookup table syntax, 
see regexp_table(5) or pcre_table(5).


Each pattern is a regular expression that is applied to
the entire address being looked up. Thus, user@domain mail 
addresses are not broken up into their user and @domain 
constituent parts, nor is user+foo broken up into user and 
foo. 


Patterns are applied in the order as specified in the 
table, until a pattern is found that matches the search 
string. 


Results are the same as with indexed file lookups, with 
the additional feature that parenthesized substrings from 
the pattern can be interpolated as $1, $2 and so on. 


BUGS 
The table format does not understand quoting conventions. 


CONFIGURATION PARAMETERS 
The following main.cf parameters are especially relevant 
to this topic. See the Postfix main.cf file for syntax 
details and for default values. Use the postfix reload 
command after a configuration change. 


virtual_maps 
List of virtual mapping tables. 
Other parameters of interest:


inet_interfaces 
The network interface addresses that this system 
receives mail on. 


mydestination 
List of domains that this mail system considers 
local. 


myorigin 
The domain that is appended to locally-posted mail. 


owner_request_special 
Give special treatment to owner-xxx and xxx-request 
addresses. 


SEE ALSO 


cleanup(8) canonicalize and enqueue mail
postmap(1) create mapping table
pcre_table(5) format of PCRE tables
regexp_table(5) format of POSIX regular expression tables


LICENSE 


The Secure Mailer license must be distributed with this 
software. 


AUTHOR(S)


Wietse Venema 

IBM T.J. Watson Research 

P.O. Box 704 

Yorktown Heights, NY 10598, USA 
VIRTUAL(5)                                          VIRTUAL(5)
NAME
virtual - format of Postfix virtual alias table
SYNOPSIS
postmap /etc/postfix/virtual
postmap -q "string" /etc/postfix/virtual
postmap -q - /etc/postfix/virtual <inputfile
DESCRIPTION
The optional virtual alias table specifies address aliasing
for arbitrary local or non-local recipient addresses.
Virtual aliasing is recursive, and is done by the Postfix
cleanup(8) daemon.


The main applications of virtual aliasing are:


o To redirect mail for one address to one or more
addresses.

o To implement virtual alias domains where all
addresses are aliased to addresses in other
domains.

Virtual alias domains are not to be confused with
the virtual mailbox domains that are implemented
with the Postfix virtual(8) mail delivery agent.
With virtual mailbox domains, each recipient
address can have its own mailbox.


Virtual aliasing is applied only to recipient envelope
addresses, and does not affect message headers. Think
Sendmail rule set S0, if you like. Use canonical(5) mapping
to rewrite header and envelope addresses in general.


Normally, the virtual alias table is specified as a text
file that serves as input to the postmap(1) command. The
result, an indexed file in dbm or db format, is used for
fast searching by the mail system. Execute the command
postmap /etc/postfix/virtual in order to rebuild the
indexed file after changing the text file.


When the table is provided via other means such as NIS,
LDAP or SQL, the same lookups are done as for ordinary
indexed files.
Alternatively, the table can be provided as a regular- 
expression map where patterns are given as regular expres- 
sions. In that case, the lookups are done in a slightly 
different way as described below. 

TABLE FORMAT 
The format of the virtual table is as follows, mappings 
being tried in the order as listed in this manual page: 


pattern result 


When pattern matches a mail address, replace it by
the corresponding result.


blank lines and comments

Empty lines and whitespace-only lines are ignored, 
as are lines whose first non-whitespace character 
is a `#'. 


multi-line text 
A logical line starts with non-whitespace text. A 
line that starts with whitespace continues a logi- 
cal line. 


With lookups from indexed files such as DB or DBM, or from 
networked tables such as NIS, LDAP or SQL, patterns are 
tried in the order as listed below: 


user@domain address, address, ...
Mail for user@domain is redirected to address.
This form has the highest precedence.


user address, address, ...
Mail for user@site is redirected to address when
site is equal to $myorigin, when site is listed in
$mydestination, or when it is listed in
$inet_interfaces.


This functionality overlaps with functionality of 
the local aliases(5) database. The difference is 
that virtual mapping can be applied to non-local 
addresses. 


@domain address, address, ...
Mail for any user in domain is redirected to
address. This form has the lowest precedence.


In all the above forms, when address has the form @other- 
domain, the result is the same user in otherdomain. This 
works for the first address in the expansion only. 


ADDRESS EXTENSION 
When a mail address localpart contains the optional recip- 
ient delimiter (e.g., user+foo@domain), the lookup order 
becomes: user+foo@domain, user@domain, user+foo, user, and
@domain. An unmatched address extension (+foo) is propa- 
gated to the result of table lookup. 


VIRTUAL ALIAS DOMAINS 

Besides virtual aliases, the virtual alias table can also 
be used to implement virtual alias domains. With a virtual 
alias domain, all recipient addresses are aliased to 
addresses in other domains. 


Virtual alias domains are not to be confused with the vir- 
tual mailbox domains that are implemented with the Postfix 
virtual(8) mail delivery agent. With virtual mailbox 
domains, each recipient address can have its own mailbox. 


With a virtual alias domain, the virtual domain has its 
own user name space. Local (i.e. non-virtual) usernames 
are not visible in a virtual alias domain. In particular, 
local aliases(5) and local mailing lists are not visible
as localname@virtual-alias.domain. 


Support for a virtual alias domain looks like: 
/etc/postfix/main.cf:
virtual_alias_maps = hash:/etc/postfix/virtual 
Note: some systems use dbm databases instead of hash. 
See the output from postconf -m for available database 
types. 

/etc/postfix/virtual: 


virtual-alias.domain anything (right-hand content does not matter) 


postmaster@virtual-alias.domain postmaster 
user1@virtual-alias.domain address1
user2@virtual-alias.domain address2, address3 


The virtual-alias.domain anything entry is required for a 
virtual alias domain. Without this entry, mail is rejected 
with "relay access denied", or bounces with "mail loops 
back to myself". 


Do not specify virtual alias domain names in the main.cf 
mydestination or relay_domains configuration parameters.


With a virtual alias domain, the Postfix SMTP server
accepts mail for known-user@virtual-alias.domain, and 
rejects mail for unknown-user@virtual-alias.domain as 
undeliverable. 

Instead of specifying the virtual alias domain name via
the virtual_alias_maps table, you may also specify it via
the main.cf virtual_alias_domains configuration parameter.
This latter parameter uses the same syntax as the main.cf
mydestination configuration parameter.
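As an added example (not part of either virtual(5) page and not Postfix code), the following Python implements the lookup order given in the TABLE FORMAT and ADDRESS EXTENSION sections of both virtual(5) pages above, the "@otherdomain" result form, propagation of an unmatched extension, the recursive expansion that cleanup(8) performs, and the accept/reject rule for a virtual alias domain from the section just above. The recipient delimiter "+", the loop guard, the $myorigin/$mydestination values and the table contents are assumptions of the example.

```python
"""Simulate Postfix virtual(5) alias lookups (added example, not Postfix code)."""

RECIPIENT_DELIMITER = "+"      # assumption: main.cf recipient_delimiter = +
MAX_DEPTH = 100                # assumption: loop guard, not a Postfix value


def parse_virtual_table(text):
    """Parse virtual-table text into {pattern: [result, ...]}."""
    logical = []
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0].isspace() and logical:          # continuation line
            logical[-1] += " " + raw.strip()
        else:
            logical.append(raw.strip())
    table = {}
    for line in logical:
        parts = line.split(None, 1)
        rest = parts[1] if len(parts) > 1 else ""
        table[parts[0].lower()] = rest.replace(",", " ").split()
    return table


def split_address(address):
    """Return (user, extension or None, domain), all lower-cased."""
    local, domain = address.rsplit("@", 1) if "@" in address else (address, "")
    user, delim, ext = local.partition(RECIPIENT_DELIMITER)
    return user.lower(), (ext.lower() if delim else None), domain.lower()


def lookup_keys(address, local_sites):
    """Keys in precedence order.  The bare "user" forms apply only when the
    domain is $myorigin, in $mydestination or in $inet_interfaces."""
    user, ext, domain = split_address(address)
    keys = []
    if ext is not None:
        keys.append(f"{user}{RECIPIENT_DELIMITER}{ext}@{domain}")
    keys.append(f"{user}@{domain}")
    if domain in local_sites:
        if ext is not None:
            keys.append(f"{user}{RECIPIENT_DELIMITER}{ext}")
        keys.append(user)
    keys.append(f"@{domain}")
    return keys


def expand_once(address, table, local_sites):
    """One table lookup: the replacement addresses, or None when no key matches."""
    user, ext, _ = split_address(address)
    for key in lookup_keys(address, local_sites):
        if key not in table:
            continue
        results = []
        for i, result in enumerate(table[key]):
            if i == 0 and result.startswith("@"):
                result = user + result          # @otherdomain: same user there
            if ext is not None and RECIPIENT_DELIMITER not in key:
                # the key did not consume the extension, so it is propagated
                if "@" in result:
                    r_local, r_domain = result.rsplit("@", 1)
                    result = f"{r_local}{RECIPIENT_DELIMITER}{ext}@{r_domain}"
                else:
                    result = f"{result}{RECIPIENT_DELIMITER}{ext}"
            results.append(result)
        return results
    return None


def expand(address, table, local_sites, myorigin, depth=0):
    """Recursive expansion as cleanup(8) does it; returns the final addresses."""
    if depth > MAX_DEPTH:
        raise RecursionError(f"virtual alias loop at {address}")
    if "@" not in address:
        address = f"{address}@{myorigin}"      # $myorigin is appended
    results = expand_once(address, table, local_sites)
    if results is None:
        return [address]
    final = []
    for r in results:
        final.extend(expand(r, table, local_sites, myorigin, depth + 1))
    return final


def has_loop(address, table, local_sites, myorigin):
    """True when expansion never terminates (e.g. a -> b -> a)."""
    try:
        expand(address, table, local_sites, myorigin)
        return False
    except RecursionError:
        return True


def smtpd_verdict(address, table, local_sites, myorigin, virtual_alias_domains=()):
    """Accept known-user@virtual-alias.domain, reject unknown users."""
    _, _, domain = split_address(address)
    listed = domain in table or domain in {d.lower() for d in virtual_alias_domains}
    if not listed:
        return "not a virtual alias domain"
    if expand_once(address, table, local_sites) is None:
        return "reject: user unknown in virtual alias table"
    return "accept: " + ", ".join(expand(address, table, local_sites, myorigin))


# Constructed sample, modelled on the virtual alias domain example above.
SAMPLE_TABLE = parse_virtual_table("""
virtual-alias.domain             anything (right-hand content does not matter)
postmaster@virtual-alias.domain  postmaster
user1@virtual-alias.domain       address1
user2@virtual-alias.domain       address2,
                                 address3@example.net
@old.example                     @new.example
sales                            alice@example.net, bob@example.net
""")
MYORIGIN = "example.net"
LOCAL_SITES = {"example.net", "mail.example.net", "localhost"}  # $myorigin, $mydestination
```

The loop check matters in practice: two entries that alias to each other never terminate, and cleanup(8) would otherwise keep expanding; this example bounds the depth and reports it.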


REGULAR EXPRESSION TABLES 
This section describes how the table lookups change when 
the table is given in the form of regular expressions. For 
a description of regular expression lookup table syntax,
see regexp_table(5) or pcre_table(5).


Each pattern is a regular expression that is applied to
the entire address being looked up. Thus, user@domain mail
addresses are not broken up into their user and @domain
constituent parts, nor is user+foo broken up into user and
foo.


Patterns are applied in the order as specified in the 
table, until a pattern is found that matches the search 
string. 


Results are the same as with indexed file lookups, with 
the additional feature that parenthesized substrings from 
the pattern can be interpolated as $1, $2 and so on. 


BUGS 
The table format does not understand quoting conventions. 


CONFIGURATION PARAMETERS 

The following main.cf parameters are especially relevant
to this topic. See the Postfix main.cf file for syntax 
details and for default values. Use the postfix reload 
command after a configuration change. 


virtual_alias_maps
List of virtual aliasing tables.


virtual_alias_domains
List of virtual alias domains. This uses the same
syntax as the mydestination parameter.


Other parameters of interest:


inet_interfaces

The network interface addresses that this system 
receives mail on. You need to stop and start Post- 
fix when this parameter changes. 


mydestination 
List of domains that this mail system considers 
local. 


myorigin 
The domain that is appended to any address that 
does not have a domain. 


owner_request_special
Give special treatment to owner-xxx and xxx-request 
addresses. 


SEE ALSO 
cleanup(8) canonicalize and enqueue mail
postmap(1) create mapping table
regexp_table(5) POSIX regular expression table format
pcre_table(5) Perl Compatible Regular Expression table format


LICENSE 
The Secure Mailer license must be distributed with this 
software. 

AUTHOR(S)


Wietse Venema 

IBM T.J. Watson Research 

P.O. Box 704 

Yorktown Heights, NY 10598, USA 


REGEXP_TABLE(5)                                     REGEXP_TABLE(5)
NAME 
regexp_table - format of Postfix regular expression tables 
SYNOPSIS 
regexp: /etc/postfix/filename 
DESCRIPTION 


The Postfix mail system uses optional tables for address 
rewriting or mail routing. These tables are usually in dbm 
or db format. Alternatively, lookup tables can be speci- 
fied in POSIX regular expression form. 


To find out what types of lookup tables your Postfix sys- 
tem supports use the postconf -m command. 


The general form of a Postfix regular expression table is: 


pattern result 
When pattern matches a search string, use the cor- 
responding result. 


blank lines and comments 

Empty lines and whitespace-only lines are ignored, 
as are lines whose first non-whitespace character 
is a `#'.


multi-line text 
A logical line starts with non-whitespace text. A 
line that starts with whitespace continues a logi- 
cal line. 


pattern1!pattern2 result
Matches pattern1 but not pattern2.


Each pattern is a regular expression enclosed by a pair of 
delimiters. The regular expression syntax is described in 
re_format(7). The expression delimiter can be any charac-
ter, except whitespace or characters that have special 
meaning (traditionally the forward slash is used). The 
regular expression can contain whitespace. 


By default, matching is case-insensitive, although follow-
ing the second slash with an 'i' flag will reverse this.
Other flags are "x" (disable extended expression syntax),
and "m" (enable multi-line mode).


Each pattern is applied to the entire lookup key string. 
Depending on the application, that string is an entire 
client hostname, an entire client IP address, or an entire 
mail address. Thus, no parent domain or parent network 
search is done, and user@domain mail addresses are not 
broken up into their user and domain constituent parts, 
nor is user+foo broken up into user and foo.


Patterns are applied in the order as specified in the 
table, until a pattern is found that matches the search 
string. 


Substitution of substrings from the matched expression 
into the result string is possible using $1, $2, etc. The
macros in the result string may need to be written as ${n} 
or $(n) if they aren't followed by whitespace. 
EXAMPLE SMTPD ACCESS MAP
# Disallow sender-specified routing. This is a must if you relay mail
# for other domains.
/[%!@].*[%!@]/ 550 Sender-specified routing rejected


# Postmaster is OK, that way they can talk to us about how to fix
# their problem.
/^postmaster@/ OK


# Protect your outgoing majordomo exploders
/^(.*)-outgoing@(.*)$/!/^owner-/ 550 Use ${1}@${2} instead


EXAMPLE HEADER FILTER MAP
# These were once common in junk mail.
/^Subject: make money fast/ REJECT
/^To: friend@public\.com/ REJECT
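As an added example (not part of the regexp_table(5) page and not Postfix code), the following Python reads the table format described above (any delimiter, the "i" and "m" flags, a second "!pattern" that must not match, comments and continuation lines), applies the patterns in table order and interpolates $n, ${n} and $(n) from the matched groups. The two example maps above are used as sample input. The "x" flag (POSIX basic syntax) has no equivalent in Python's re module and is accepted but ignored here; that is an assumption of this example, as is the use of unanchored search.

```python
"""Postfix regexp_table(5) lookups in Python (added example, not Postfix code)."""
import re

_MACRO = re.compile(r"\$(?:(\d+)|\{(\d+)\}|\((\d+)\))")   # $1, ${1}, $(1)


def _parse_regex(text, pos):
    """Parse one delimited regex at text[pos]; return (pattern, flags, end)."""
    delim = text[pos]
    end = pos + 1
    while end < len(text) and text[end] != delim:
        end += 2 if text[end] == "\\" else 1   # skip an escaped character
    if end >= len(text):
        raise ValueError(f"unterminated pattern: {text[pos:]!r}")
    pattern = text[pos + 1:end]
    end += 1
    flags = ""
    while end < len(text) and text[end] not in "! \t":
        flags += text[end]
        end += 1
    return pattern, flags, end


def _compile(pattern, flags):
    """Matching is case-insensitive by default; "i" reverses that."""
    ignore_case, re_flags = True, 0
    for f in flags:
        if f == "i":
            ignore_case = False
        elif f == "m":
            re_flags |= re.MULTILINE
        elif f != "x":            # "x" accepted but ignored (assumption)
            raise ValueError(f"unknown flag {f!r} in /{pattern}/")
    return re.compile(pattern, re_flags | (re.IGNORECASE if ignore_case else 0))


def parse_regexp_table(text):
    """Return an ordered list of (match_re, exclude_re or None, result)."""
    logical = []
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0].isspace() and logical:          # continuation line
            logical[-1] += " " + raw.strip()
        else:
            logical.append(raw.rstrip())
    rules = []
    for line in logical:
        pattern, flags, pos = _parse_regex(line, 0)
        exclude = None
        if pos < len(line) and line[pos] == "!":   # pattern1!pattern2 form
            ex_pattern, ex_flags, pos = _parse_regex(line, pos + 1)
            exclude = _compile(ex_pattern, ex_flags)
        rules.append((_compile(pattern, flags), exclude, line[pos:].strip()))
    return rules


def lookup(key, rules):
    """First rule whose pattern matches (and whose !pattern does not) wins."""
    for match_re, exclude_re, result in rules:
        m = match_re.search(key)
        if m is None or (exclude_re is not None and exclude_re.search(key)):
            continue

        def group(mm):
            n = int(mm.group(1) or mm.group(2) or mm.group(3))
            return m.group(n) or ""
        return _MACRO.sub(group, result)
    return None


# The two tables from the EXAMPLE sections above, used as sample input.
ACCESS_RULES = parse_regexp_table(r"""
# Disallow sender-specified routing. This is a must if you relay mail
# for other domains.
/[%!@].*[%!@]/                   550 Sender-specified routing rejected

# Postmaster is OK, that way they can talk to us about how to fix
# their problem.
/^postmaster@/                   OK

# Protect your outgoing majordomo exploders
/^(.*)-outgoing@(.*)$/!/^owner-/ 550 Use ${1}@${2} instead
""")

HEADER_RULES = parse_regexp_table(r"""
# These were once common in junk mail.
/^Subject: make money fast/      REJECT
/^To: friend@public\.com/        REJECT
""")

if __name__ == "__main__":
    for key in ("user%host@example.net", "Postmaster@example.net",
                "list-outgoing@example.net", "owner-list-outgoing@example.net"):
        print(f"{key:34} -> {lookup(key, ACCESS_RULES)}")
```

The third access-map rule shows why the "!pattern2" form exists: owner-list-outgoing@ matches the first pattern, but the exclusion keeps the list owner's own address from being rejected, and the lookup falls through to no result.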
SEE ALSO
pcre_table(5) format of PCRE tables


AUTHOR(S)
The regexp table lookup code was originally written by: 
LaMont Jones 
lamont@hp.com 


That code was based on the PCRE dictionary contributed by: 
Andrew McNamara 

andrewm@connect.com.au 

connect.com.au Pty. Ltd. 

Level 3, 213 Miller St 

North Sydney, NSW, Australia 


Adopted and adapted by: 

Wietse Venema 

IBM T.J. Watson Research 

P.O. Box 704 

Yorktown Heights, NY 10598, USA 




/etc/postfix/dynamicmaps.cf 
# Postfix dynamic maps configuration file. 


# 

# The first match found is the one that is used. The only wildcard 

# allowed is '*', which matches everything. The first %s is expanded
# to the map type.

#

#type   location of .so file           name of open function
*       /usr/lib/postfix/dict_%s.so    dict_%s_open


Programs running under Postfix


Postfix background processes 

The previous sections gave a simplified overview of how the Postfix system sends and 
receives mail. Several other things happen behind the scenes. Unfortunately, this is hard 
to visualize on a two-dimensional display, so this document has no illustration. 


The master daemon is the supervisor process that keeps an eye on the well-being 
of the mail system. It is typically started at system boot time by the postfix 
command, and keeps running until the system goes down. The master daemon is 
responsible for starting all other Postfix daemon processes on demand, and for 
restarting daemons that terminated prematurely because of some problem. The 
master daemon is also responsible for enforcing the daemon process count limits 
as specified in the master.cf configuration file. 


The bounce or defer daemon is called upon left and right by other daemon 
processes, in order to maintain per-message log files with non-delivery status 
information. 


The trivial-rewrite daemon is called upon left and right by other daemon processes, 
in order to rewrite an address to user@fully.qualified.domain form, or in order to 
resolve a destination. 


The showq daemon lists the Postfix queue status. This is the program behind the
mailq command.


The flush daemon improves the performance of the SMTP ETRN request, and of its 
command-line equivalent, sendmail -qRdestination, for selected destinations. 


The proxymap daemon provides read-only lookup service to Postfix client 
processes. The purpose is to overcome chroot restrictions, and to consolidate the 
number of open lookup tables by sharing one open table among multiple processes. 


The spawn daemon listens on a TCP port, UNIX-domain socket or FIFO, and runs 
non-Postfix commands on request, with the socket or FIFO connected to the 
standard input, output and error streams. It is currently used only in an example of 
the Postfix external content filtering system. 
BOUNCE(8)                                           BOUNCE(8)


NAME 


bounce - Postfix message bounce or defer daemon 


SYNOPSIS 


bounce [generic Postfix daemon options] 


DESCRIPTION 


The bounce daemon maintains per-message log files with
non-delivery status information. Each log file is named
after the queue file that it corresponds to, and is kept
in a queue subdirectory named after the service name in
the master.cf file (either bounce or defer). This program
expects to be run from the master(8) process manager.


The bounce daemon processes two types of service requests:


o Append a recipient status record to a per-message
log file.

o Post a bounce message, with a copy of a log file
and of the corresponding message. When the bounce
is posted successfully, the log file is deleted.


The software does a best effort to notify the sender that
there was a problem. A notification is sent even when the
log file or original message cannot be read.


Optionally, a client can request that the per-message log
file be deleted when the requested operation fails. This
is used by clients that cannot retry transactions by them-
selves, and that depend on retry logic in their own
client.


STANDARDS
RFC 822 (ARPA Internet Text Messages)
RFC 1894 (Delivery Status Notifications)
RFC 2045 (Format of Internet Message Bodies)


DIAGNOSTICS
Problems and transactions are logged to syslogd(8).


BUGS
The log files use an ad-hoc, unstructured format. This
will have to change in order to easily support standard
delivery status notifications.


CONFIGURATION PARAMETERS 


The following main.cf parameters are especially relevant
to this program. See the Postfix main.cf file for syntax 
details and for default values. Use the postfix reload 
command after a configuration change. 


bounce_notice_recipient
The recipient of single bounce postmaster notices.


2bounce_notice_recipient
The recipient of double bounce postmaster notices.


delay_notice_recipient
The recipient of "delayed mail" postmaster notices.


bounce_size_limit
Limit the amount of original message context that
is sent in a non-delivery notification. 


mail_name
Use this mail system name in the introductory text 
at the start of a bounce message. 


notify_classes
Notify the postmaster of bounced mail when this 
parameter includes the bounce class. For privacy 
reasons, the message body is not included. 


SEE ALSO 
master(8) process manager 


qmgr(8) queue manager
syslogd(8) system logging 


LICENSE 
The Secure Mailer license must be distributed with this 
software. 

AUTHOR(S)


Wietse Venema 

IBM T.J. Watson Research 

P.O. Box 704 

Yorktown Heights, NY 10598, USA 


MASTER(8)                                           MASTER(8)
NAME 
master - Postfix master process 
SYNOPSIS 
master [-Dtv] [-c config_dir] [-e exit_time]
DESCRIPTION 


The master daemon is the resident process that runs Post- 
fix daemons on demand: daemons to send or receive messages 
via the network, daemons to deliver mail locally, etc. 
These daemons are created on demand up to a configurable 
maximum number per service.


Postfix daemons terminate voluntarily, either after being 
idle for a configurable amount of time, or after having 
serviced a configurable number of requests. The exception 
to this rule is the resident Postfix queue manager. 




The behavior of the master daemon is controlled by the 
master.cf configuration file. The table specifies zero or 
more servers in the UNIX or INET domain, or servers that 
take requests from a FIFO. Precise configuration details 
are given in the master.cf file, and in the manual pages 
of the respective daemons. 


Options: 


-c config_dir
Read the main.cf and master.cf configuration files 
in the named directory instead of the default con- 
figuration directory. 


-e exit_time
Terminate the master process after exit_time sec-
onds. Child processes terminate at their conve-
nience.


-D After initialization, run a debugger on the master
process. The debugging command is specified with
the debugger_command in the main.cf global configu-
ration file.


-t Test mode. Return a zero exit status when the mas- 
ter.pid lock file does not exist or when that file 
is not locked. This is evidence that the master 
daemon is not running. 


-v Enable verbose logging for debugging purposes. This 
option is passed on to child processes. Multiple -v 
options make the software increasingly verbose. 


Signals: 


SIGHUP Upon receipt of a HUP signal (e.g., after postfix 
reload), the master process re-reads its configura- 
tion files. If a service has been removed from the 
master.cf file, its running processes are termi-
nated immediately. Otherwise, running processes 
are allowed to terminate as soon as is convenient, 
so that changes in configuration settings affect 
only new service requests.


SIGTERM 
Upon receipt of a TERM signal (e.g., after postfix 
abort), the master process passes the signal on to 
its child processes and terminates. This is useful 
for an emergency shutdown. Normally one would ter- 
minate only the master (postfix stop) and allow 
running processes to finish what they are doing. 


DIAGNOSTICS 
Problems are reported to syslogd(8).


BUGS


ENVIRONMENT
MAIL_DEBUG
After initialization, start a debugger as specified
with the debugger_command configuration parameter
in the main.cf configuration file.


MAIL_CONFIG
Directory with Postfix configuration files.


CONFIGURATION PARAMETERS 
The following main.cf parameters are especially relevant
to this program. See the Postfix main.cf file for syntax 
details and for default values. Use the postfix reload 
command after a configuration change. 


Miscellaneous 
import_environment
export_environment
Lists of names of environment parameters that can 
be imported from (exported to) non-Postfix pro- 
cesses. 


mail_owner
The owner of the mail queue and of most Postfix 
processes. 


command_directory
Directory with Postfix support programs. 


daemon_directory
Directory with Postfix daemon programs.


queue_directory
Top-level directory of the Postfix queue. This is 
also the root directory of Postfix daemons that run 
chrooted. 


inet_interfaces
The network interface addresses that this system 
receives mail on. You need to stop and start Post- 
fix when this parameter changes. 


Resource controls 
default_process_limit
Default limit for the number of simultaneous child 
processes that provide a given service. 


74_Mail_Services.sxw - 114 


Linux-Kurs Themen - Mail Services - June 14, 2009 Michel Bisson 


max_idle
Limit the time in seconds that a child process 
waits between service requests. 


max_use
Limit the number of service requests handled by a 
child process. 


service_throttle_time
Time to avoid forking a server that appears to be
broken.
FILES 
/etc/postfix/main.cf: global configuration file. 
/etc/postfix/master.cf: master process configuration file. 
/var/spool/postfix/pid/master.pid: master lock file. 
SEE ALSO 
qmgr(8) queue manager
pickup(8) local mail pickup
syslogd(8) system logging
LICENSE 
The Secure Mailer license must be distributed with this 
software. 
AUTHOR(S)


Wietse Venema 

IBM T.J. Watson Research 

P.O. Box 704 

Yorktown Heights, NY 10598, USA 


TRIVIAL-REWRITE(8)                                  TRIVIAL-REWRITE(8)


NAME 
trivial-rewrite - Postfix address rewriting and resolving 
daemon 
SYNOPSIS 
trivial-rewrite [generic Postfix daemon options] 
DESCRIPTION 


The trivial-rewrite daemon processes two types of client 
service requests: 


rewrite 
Rewrite an address to standard form. The trivial- 
rewrite daemon by default appends local domain 
information to unqualified addresses, swaps bang 
paths to domain form, and strips source routing 
information. This process is under control of sev- 
eral configuration parameters (see below).


resolve
Resolve an address to a (transport, nexthop, recip-
ient) triple. The meaning of the results is as follows:


transport 
The delivery agent to use. This is the first 
field of an entry in the master.cf file. 


nexthop
The host to send to and optional delivery
method information.


recipient 
The envelope recipient address that is
passed on to nexthop. 


DEFAULT DELIVERY METHODS
By default, Postfix uses one of the following delivery
methods. This may be overruled with the optional trans-
port(5) table. The default delivery method is selected by
matching the recipient address domain against one of the
following:

$mydestination
$inet_interfaces
The transport and optional nexthop are specified
with $local_transport. The default nexthop is the
recipient domain.

$virtual_alias_domains
The recipient address is undeliverable (user
unknown). By definition, all known addresses in a
virtual alias domain are aliased to other
addresses.

$virtual_mailbox_domains
The transport and optional nexthop are specified
with $virtual_transport. The default nexthop is
the recipient domain.

$relay_domains
The transport and optional nexthop are specified
with $relay_transport. This overrides the optional
nexthop information that is specified with
$relayhost. The default nexthop is the recipient domain.

none of the above
The transport and optional nexthop are specified
with $default_transport. This overrides the
optional nexthop information that is specified with
$relayhost. The default nexthop is the recipient
domain.


SERVER PROCESS MANAGEMENT
The trivial-rewrite servers run under control by the Post-
fix master server. Each server can handle multiple simul-
taneous connections. When all servers are busy while a
client connects, the master creates a new server process,
provided that the trivial-rewrite server process limit is
not exceeded. Each trivial-rewrite server terminates
after serving at least $max_use clients or after $max_idle
seconds of idle time.

STANDARDS
None. The command does not interact with the outside
world.

SECURITY
The trivial-rewrite daemon is not security sensitive. By
default, this daemon does not talk to remote or local
users. It can run at a fixed low privilege in a chrooted
environment.

DIAGNOSTICS
Problems and transactions are logged to syslogd(8).

BUGS

CONFIGURATION PARAMETERS
The following main.cf parameters are especially relevant
to this program. See the Postfix main.cf file for syntax
details and for default values. Use the postfix reload
command after a configuration change.

Miscellaneous
empty_address_recipient
The recipient that is substituted for the null
address.

inet_interfaces
The network interfaces that this mail system
receives mail on. This information is used to
determine if user@[net.work.addr.ess] is local or
remote. Mail for local users is given to the
$local_transport.

mydestination
List of domains that are given to the
$local_transport.

virtual_alias_domains
List of simulated virtual domains (domains with all
recipients aliased to some other local or remote
domain).

virtual_mailbox_domains
List of domains that are given to the
$virtual_transport.

relay_domains
List of domains that are given to the
$relay_transport.

resolve_unquoted_address
When resolving an address, do not quote the address
localpart as per RFC 822, so that additional @, %
or ! characters remain visible. This is techni-
cally incorrect, but allows us to stop relay
attacks when forwarding mail to a Sendmail primary
MX host.

relocated_maps
Tables with contact information for users, hosts or
domains that no longer exist. See relocated(5).

Rewriting
myorigin
The domain that locally-posted mail appears to come
from.


allow_percent_hack
Rewrite user%domain to user@domain.

append_at_myorigin
Rewrite user to user@$myorigin.

append_dot_mydomain
Rewrite user@host to user@host.$mydomain.

swap_bangpath
Rewrite site!user to user@site.


Routing
local_transport
Where to deliver mail for destinations that match
$mydestination or $inet_interfaces. The default
transport is local:$myhostname. Syntax is
transport:nexthop; see transport(5) for details.
The :nexthop part is optional.

virtual_transport
Where to deliver mail for non-local domains that
match $virtual_mailbox_domains. The default trans-
port is virtual. Syntax is transport:nexthop; see
transport(5) for details. The :nexthop part is
optional.

relay_transport
Where to deliver mail for non-local domains that
match $relay_domains. The default transport is
relay (which normally is a clone of the smtp trans-
port). Syntax is transport:nexthop; see
transport(5) for details. The :nexthop part is
optional.

default_transport
Where to deliver all other non-local mail. The
default transport is smtp. Syntax is
transport:nexthop; see transport(5) for details.
The :nexthop part is optional.


parent_domain_matches_subdomains
List of Postfix features that use domain.tld pat-
terns to match sub.domain.tld (as opposed to
requiring .domain.tld patterns).

relayhost
The default host to send non-local mail to when no
host is specified with $relay_transport or
$default_transport, and when the recipient address
does not match the optional transport(5) table.

transport_maps
List of tables with recipient or domain to (trans-
port, nexthop) mappings.

SEE ALSO
master(8) process manager
syslogd(8) system logging
transport(5) transport table format
relocated(5) format of the "user has moved" table

LICENSE
The Secure Mailer license must be distributed with this
software.

AUTHOR(S)
Wietse Venema
IBM T.J. Watson Research
P.O. Box 704
Yorktown Heights, NY 10598, USA

TRIVIAL-REWRITE(8)

SHOWQ(8)

NAME 
showq - list the Postfix mail queue 


SYNOPSIS 
showq [generic Postfix daemon options] 


DESCRIPTION 
The showq daemon reports the Postfix mail queue status. 
It is the program that emulates the sendmail `mailq' com- 
mand. 


The showq daemon can also be run in stand-alone mode by
the superuser. This mode of operation is used to emulate
the `mailq' command while the Postfix mail system is down.

SECURITY
The showq daemon can run in a chroot jail at fixed low
privilege, and takes no input from the client. Its service
port is accessible to local untrusted users, so the ser-
vice can be susceptible to denial of service attacks.

STANDARDS
None. The showq daemon does not interact with the outside
world.

DIAGNOSTICS
Problems and transactions are logged to syslogd(8).

BUGS
The showq daemon runs at a fixed low privilege; conse-
quently, it cannot extract information from queue files in
the maildrop directory.

SEE ALSO
cleanup(8) canonicalize and enqueue mail
pickup(8) local mail pickup service
qmgr(8) mail being delivered, delayed mail
syslogd(8) system logging

LICENSE
The Secure Mailer license must be distributed with this
software.

AUTHOR(S)
Wietse Venema
IBM T.J. Watson Research
P.O. Box 704
Yorktown Heights, NY 10598, USA

SHOWQ(8)

FLUSH(8)

NAME 
flush - Postfix fast flush server 


SYNOPSIS 
flush [generic Postfix daemon options] 


DESCRIPTION
The flush server maintains a record of deferred mail by
destination. This information is used to improve the per-
formance of the SMTP ETRN request, and of its command-line
equivalent, sendmail -qR. This program expects to be run
from the master(8) process manager.

The record is implemented as a per-destination logfile
with as contents the queue IDs of deferred mail. A logfile
is append-only, and is truncated when delivery is
requested for the corresponding destination. A destination
is the part on the right-hand side of the right-most @ in
an email address.

Per-destination logfiles of deferred mail are maintained
only for eligible destinations. The list of eligible des-
tinations is specified with the fast_flush_domains config-
uration parameter, which defaults to $relay_domains.

This server implements the following requests:

FLUSH_REQ_ADD sitename queue_id
Inform the fast flush server that the specified
message is queued for sitename. Depending on log-
ging policy, the fast flush server stores or
ignores the information.

FLUSH_REQ_SEND sitename
Request delivery of mail that is queued for site-
name. If the destination is eligible for a fast
flush logfile, this request triggers delivery of
messages listed in that destination's logfile, and
the logfile is truncated to zero length; if mail is
undeliverable it will be added back to the logfile.
If the destination is not eligible for a fast flush
logfile, this request is rejected (see below for
status codes).

TRIGGER_REQ_WAKEUP
This wakeup request from the master is an alterna-
tive way to request FLUSH_REQ_REFRESH.

FLUSH_REQ_REFRESH (completes in the background)
Refresh non-empty per-destination logfiles that
were not read in fast_flush_refresh_time hours, by
simulating send requests (see above) for the corre-
sponding destinations.

Delete empty per-destination logfiles that were not
updated in fast_flush_purge_time days.

FLUSH_REQ_PURGE (completes in the background)
Refresh all non-empty per-destination logfiles, by
simulating send requests (see above) for the corre-
sponding destinations. This can be incredibly
expensive when logging is enabled for many destina-
tions, and is not recommended.

Delete empty per-destination logfiles that were not
updated in fast_flush_purge_time days.


The server response is one of:

FLUSH_STAT_OK
The request completed normally.

FLUSH_STAT_BAD
The flush server rejected the request (bad request
name, bad request parameter value).

FLUSH_STAT_FAIL
The request failed.

FLUSH_STAT_DENY
The request was denied because the destination
domain is not eligible for fast flush service, or
because the fast flush service is disabled.
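
The request/response behaviour described above (append-only logfile per destination, truncation on FLUSH_REQ_SEND with undeliverable mail added back, FLUSH_STAT_DENY for non-eligible sites, and the periodic refresh that keeps stale entries from piling up) is modelled in this added Python example. It is not Postfix code: the logfiles are kept in a dict instead of under /var/spool/postfix/flush, delivery is a callback instead of the queue manager, and the site names and queue IDs are constructed.

```python
"""Added model of the flush(8) per-destination logfile and its requests.

Not Postfix code: logfiles live in a dict instead of /var/spool/postfix/flush,
delivery is a callback instead of qmgr(8), and site names and queue IDs
are constructed.
"""
FLUSH_STAT_OK, FLUSH_STAT_BAD, FLUSH_STAT_DENY = "OK", "BAD", "DENY"


class FastFlushServer:
    def __init__(self, fast_flush_domains, parent_domain_matches_subdomains=False):
        self.domains = {d.lower() for d in fast_flush_domains}   # $relay_domains by default
        self.parent_matches = parent_domain_matches_subdomains
        self.logs = {}   # destination -> append-only list of queue IDs

    @staticmethod
    def destination(address):
        """A destination is the right-hand side of the right-most @."""
        return address.rsplit("@", 1)[1].lower()

    def eligible(self, site):
        """Is a logfile maintained for this site (fast_flush_domains match)?"""
        s = site.lower()
        if s in self.domains:
            return True
        if self.parent_matches:
            return any(s.endswith("." + d) for d in self.domains)
        return any(d.startswith(".") and s.endswith(d) for d in self.domains)

    @staticmethod
    def _valid(site):
        return bool(site) and not any(c.isspace() for c in site)

    def add(self, site, queue_id):
        """FLUSH_REQ_ADD: record the queue ID, or silently ignore it for a
        site that is not eligible (that is the 'logging policy')."""
        if not self._valid(site) or not queue_id:
            return FLUSH_STAT_BAD
        if self.eligible(site):
            self.logs.setdefault(site.lower(), []).append(queue_id)
        return FLUSH_STAT_OK

    def send(self, site, deliver):
        """FLUSH_REQ_SEND: truncate the logfile, retry every listed queue ID via
        deliver(queue_id) -> bool, and append the undeliverable ones again.
        Returns (status, list of queue IDs that were delivered)."""
        if not self._valid(site):
            return FLUSH_STAT_BAD, []
        if not self.eligible(site):
            return FLUSH_STAT_DENY, []
        pending = self.logs.pop(site.lower(), [])   # truncated to zero length
        delivered = []
        for queue_id in pending:
            if deliver(queue_id):
                delivered.append(queue_id)
            else:
                self.logs.setdefault(site.lower(), []).append(queue_id)
        return FLUSH_STAT_OK, delivered

    def refresh(self, deliver):
        """FLUSH_REQ_REFRESH, simplified: a send request for every non-empty
        logfile.  Because a logfile is only truncated by a send request, not
        when mail is actually delivered, this is what keeps outdated entries
        from accumulating (the BUGS section below)."""
        return {site: self.send(site, deliver)[1] for site in list(self.logs)}
```

The refresh() method is the one the man page tells you to trigger periodically through a wakeup timer in master.cf; without it, queue IDs that were delivered by an ordinary queue run stay listed until the next ETRN or sendmail -qR for that site.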


SECURITY
The fast flush server is not security-sensitive. It does
not talk to the network, and it does not talk to local
users. The fast flush server can run chrooted at fixed
low privilege.

DIAGNOSTICS
Problems and transactions are logged to syslogd(8).

BUGS
Fast flush logfiles are truncated only after a
FLUSH_REQ_SEND request, not when mail is actually deliv-
ered, and therefore can accumulate outdated or redundant
data. In order to maintain sanity, FLUSH_REQ_REFRESH must
be executed periodically. This can be automated with a
suitable wakeup timer setting in the master.cf configura-
tion file.

Upon receipt of a request to deliver all mail for an eli-
gible destination, the flush server requests delivery of
all messages that are listed in that destination's log-
file, regardless of the recipients of those messages. This
is not an issue for mail that is sent to a relay_domains
destination because such mail typically only has recipi-
ents in one domain.


FILES
/var/spool/postfix/flush, location of "fast flush" logfiles.

CONFIGURATION PARAMETERS
See the Postfix main.cf file for syntax details and for
default values. Use the postfix reload command after a
configuration change.

fast_flush_domains
What destinations can have a "fast flush" logfile.
By default, this is set to $relay_domains.

fast_flush_refresh_time
Refresh a non-empty "fast flush" logfile that was
not read in this amount of time (default time unit:
hours), by simulating a send request for the corre-
sponding destination.

fast_flush_purge_time
Remove an empty "fast flush" logfile that was not
updated in this amount of time (default time unit:
days).

parent_domain_matches_subdomains
List of Postfix features that use domain.tld pat-
terns to match sub.domain.tld (as opposed to
requiring .domain.tld patterns).

SEE ALSO
smtpd(8) Postfix SMTP server
qmgr(8) Postfix queue manager
syslogd(8) system logging

LICENSE
The Secure Mailer license must be distributed with this
software.

AUTHOR(S)
Wietse Venema
IBM T.J. Watson Research
P.O. Box 704
Yorktown Heights, NY 10598, USA

FLUSH(8)

SENDMAIL(1)

NAME 

sendmail - Postfix to Sendmail compatibility interface 
SYNOPSIS
sendmail [option ...] [recipient ...]

mailq
sendmail -bp

newaliases
sendmail -I

DESCRIPTION 
The sendmail program implements the Postfix to Sendmail 
compatibility interface. For the sake of compatibility 
with existing applications, some Sendmail command-line 
options are recognized but silently ignored. 


By default, sendmail reads a message from standard input
until EOF or until it reads a line with only a . charac-
ter, and arranges for delivery. sendmail relies on the
postdrop(1) command to create a queue file in the maildrop
directory.

Specific command aliases are provided for other common
modes of operation:

mailq List the mail queue. Each entry shows the queue
file ID, message size, arrival time, sender, and
the recipients that still need to be delivered. If
mail could not be delivered upon the last attempt,
the reason for failure is shown. This mode of oper-
ation is implemented by executing the postqueue(1)
command.

newaliases
Initialize the alias database. If no input file is
specified (with the -oA option, see below), the
program processes the file(s) specified with the
alias_database configuration parameter. If no
alias database type is specified, the program uses
the type specified with the default_database_type
configuration parameter. This mode of operation is
implemented by running the postalias(1) command.

Note: it may take a minute or so before an alias
database update becomes visible. Use the postfix
reload command to eliminate this delay.

These and other features can be selected by specifying the
appropriate combination of command-line options. Some fea-
tures are controlled by parameters in the main.cf configu-
ration file.

The following options are recognized:

-Am (ignored)

-Ac (ignored)
Postfix sendmail uses the same configuration file
regardless of whether or not a message is an ini-
tial submission.

-B body_type
The message body MIME type: 7BIT or 8BITMIME.

-C config_file (ignored :-)
The path name of the sendmail.cf file. Postfix con-
figuration files are kept in /etc/postfix.

-F full_name
Set the sender full name. This is used only with
messages that have no From: message header.

-G (ignored)
Gateway (relay) submission, as opposed to initial
user submission.

-I Initialize alias database. See the newaliases com-
mand above.

-L label (ignored)
The logging label. Use the syslog_name configura-
tion parameter instead.

-N dsn (ignored)
Delivery status notification control. Currently,
Postfix does not implement DSN.

-R return_limit (ignored)
Limit the size of bounced mail. Use the
bounce_size_limit configuration parameter instead.

-X log_file (ignored)
Log mailer traffic. Use the debug_peer_list and
debug_peer_level configuration parameters instead.

-U (ignored)
Initial user submission.

-V Variable Envelope Return Path. Given an envelope
sender address of the form owner-listname@origin,
each recipient user@domain receives mail with a
personalized envelope sender address.

By default, the personalized envelope sender
address is owner-listname+user=domain@origin. The
default + and = characters are configurable with
the default_verp_delimiters configuration parame-
ter.

-Vxy As -V, but uses x and y as the VERP delimiter char-
acters, instead of the characters specified with
the default_verp_delimiters configuration parame-
ter.
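
The VERP addressing that -V and -Vxy produce, and the reason list software wants it (a bounce arrives at an address that names the failing subscriber, so no bounce body has to be parsed), is shown in this added Python example. It is not Postfix code; the list, sender and recipient addresses are constructed. The default "+=" delimiters correspond to default_verp_delimiters, and the "-=+" filter to the verp_delimiter_filter parameter listed further down this page.

```python
"""Added example of VERP addressing as done by 'sendmail -V' / '-Vxy'.

Not Postfix code; the list, sender and recipient addresses are constructed.
"""
DEFAULT_VERP_DELIMITERS = "+="   # main.cf default_verp_delimiters
VERP_DELIMITER_FILTER = "-=+"    # main.cf verp_delimiter_filter: accepted delimiter characters


def check_delimiters(delimiters, allowed=VERP_DELIMITER_FILTER):
    """sendmail -Vxy is accepted only for exactly two characters from the filter."""
    if len(delimiters) != 2 or any(c not in allowed for c in delimiters):
        raise ValueError(f"bad VERP delimiters {delimiters!r}; allowed: {allowed!r}")
    return delimiters


def verp_encode(sender, recipient, delimiters=DEFAULT_VERP_DELIMITERS):
    """owner-listname@origin and user@domain -> owner-listname+user=domain@origin"""
    d1, d2 = check_delimiters(delimiters)
    s_local, s_domain = sender.rsplit("@", 1)
    r_local, r_domain = recipient.rsplit("@", 1)
    return f"{s_local}{d1}{r_local}{d2}{r_domain}@{s_domain}"


def verp_decode(bounce_to, sender, delimiters=DEFAULT_VERP_DELIMITERS):
    """Recover the failing recipient from the address a bounce was sent to.

    The list software knows its own sender address, so the prefix is
    stripped exactly; a recipient local part that itself contains the first
    delimiter (jo+news) is therefore not a problem.  The recipient domain is
    taken after the last second delimiter, since domains never contain it.
    Returns None when the address is not one of ours."""
    d1, d2 = check_delimiters(delimiters)
    s_local, s_domain = sender.rsplit("@", 1)
    local, _, domain = bounce_to.rpartition("@")
    prefix = s_local + d1
    if domain.lower() != s_domain.lower() or not local.startswith(prefix):
        return None
    r_local, sep, r_domain = local[len(prefix):].rpartition(d2)
    if not sep or not r_local or not r_domain:
        return None
    return f"{r_local}@{r_domain}"


if __name__ == "__main__":
    owner = "owner-list@lists.example.com"
    for rcpt in ("jo@example.org", "jo+news@example.org"):
        env = verp_encode(owner, rcpt)
        print(f"{rcpt:25} envelope sender {env:50} bounce -> {verp_decode(env, owner)}")
```

Decoding on the receiving side is where the check_delimiters() guard matters: a bounce address that does not start with the list's own prefix, or whose delimiters are not in the configured filter, is simply not ours and gets None rather than a guessed subscriber address.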

-bd Go into daemon mode. This mode of operation is
implemented by executing the postfix start command.

-bi Initialize alias database. See the newaliases com-
mand above.

-bm Read mail from standard input and arrange for
delivery. This is the default mode of operation.

-bp List the mail queue. See the mailq command above.

-bs Stand-alone SMTP server mode. Read SMTP commands
from standard input, and write responses to stan-
dard output. In stand-alone SMTP server mode, UCE
restrictions and access controls are disabled by
default. To enable them, run the process as the
mail_owner user.

This mode of operation is implemented by running
the smtpd(8) daemon.

-f sender
Set the envelope sender address. This is the
address where delivery problems are sent to, unless
the message contains an Errors-To: message header.

-h hop_count (ignored)
Hop count limit. Use the hopcount_limit configura-
tion parameter instead.

-i when reading a message from standard input, don't
treat a line with only a . character as the end of
input.

-m (ignored)
Backwards compatibility.

-n (ignored)
Backwards compatibility.

-oAalias_database
Non-default alias database. Specify pathname or
type:pathname. See postalias(1) for details.

-o7 (ignored)

-o8 (ignored)
To send 8-bit or binary content, use an appropriate
MIME encapsulation and specify the appropriate -B
command-line option.

-oi when reading a message from standard input, don't
treat a line with only a . character as the end of
input.

-om (ignored)
The sender is never eliminated from alias etc.
expansions.

-ox value (ignored)
Set option x to value. Use the equivalent configu-
ration parameter in main.cf instead.

-r sender
Set the envelope sender address. This is the
address where delivery problems are sent to, unless
the message contains an Errors-To: message header.

-q Attempt to deliver all queued mail. This is imple-
mented by executing the postqueue(1) command.

-qinterval (ignored)
The interval between queue runs. Use the
queue_run_delay configuration parameter instead.

-qRsite
Schedule immediate delivery of all mail that is
queued for the named site. This option accepts only
site names that are eligible for the "fast flush"
service, and is implemented by executing the
postqueue(1) command. See flush(8) for more infor-
mation about the "fast flush" service.

-qSsite
This command is not implemented. Use the slower
sendmail -q command instead.

-t Extract recipients from message headers. This
requires that no recipients be specified on the command line.

-v Enable verbose logging for debugging purposes. Mul-
tiple -v options make the software increasingly
verbose. For compatibility with mailx and other
mail submission software, a single -v option pro-
duces no output.


SECURITY
By design, this program is not set-user (or group) id.
However, it must handle data from untrusted users or
untrusted machines. Thus, the usual precautions need to
be taken against malicious inputs.

DIAGNOSTICS
Problems are logged to syslogd(8) and to the standard
error stream.

ENVIRONMENT
MAIL_CONFIG
Directory with Postfix configuration files.

MAIL_VERBOSE
Enable verbose logging for debugging purposes.

MAIL_DEBUG
Enable debugging with an external command, as spec-
ified with the debugger_command configuration
parameter.


FILES 
/var/spool/postfix, mail queue 
/etc/postfix, configuration files 


CONFIGURATION PARAMETERS 
See the Postfix main.cf file for syntax details and for 
default values. Use the postfix reload command after a 
configuration change. 


alias_database
Default alias database(s) for newaliases. The
default value for this parameter is system-spe-
cific.

bounce_size_limit
The amount of original message context that is sent
along with a non-delivery notification.

default_database_type
Default alias etc. database type. On many UNIX sys-
tems the default type is either dbm or hash.

debugger_command
Command that is executed after a Postfix daemon has
initialized.

debug_peer_level
Increment in verbose logging level when a remote
host matches a pattern in the debug_peer_list
parameter.

debug_peer_list
List of domain or network patterns. When a remote
host matches a pattern, increase the verbose log-
ging level by the amount specified in the
debug_peer_level parameter.

default_verp_delimiters
The VERP delimiter characters that are used when
the -V command line option is specified without
delimiter characters.

fast_flush_domains
List of domains that will receive "fast flush" ser-
vice (default: all domains that this system is
willing to relay mail to). This list specifies the
domains that Postfix accepts in the SMTP ETRN
request and in the sendmail -qR command.

fork_attempts
Number of attempts to fork() a process before giv-
ing up.

fork_delay
Delay in seconds between successive fork()
attempts.

hopcount_limit
Limit the number of Received: message headers.

mail_owner
The owner of the mail queue and of most Postfix
processes.

command_directory
Directory with Postfix support commands.

daemon_directory
Directory with Postfix daemon programs.

queue_directory
Top-level directory of the Postfix queue. This is
also the root directory of Postfix daemons that run
chrooted.

queue_run_delay
The time between successive scans of the deferred
queue.

verp_delimiter_filter
The characters that Postfix accepts as VERP delim-
iter characters.

PROXYMAP(8)


NAME 
proxymap - Postfix lookup table proxy server 


SYNOPSIS 
proxymap [generic Postfix daemon options] 


DESCRIPTION
The proxymap server provides read-only table lookup ser-
vice to Postfix client processes. The purpose of the ser-
vice is:

o To overcome chroot restrictions. For example, a
chrooted SMTP server needs access to the system
passwd file in order to reject mail for non-exis-
tent local addresses, but it is not practical to
maintain a copy of the passwd file in the chroot
jail. The solution:

local_recipient_maps =
proxy:unix:passwd.byname $alias_maps

o To consolidate the number of open lookup tables by
sharing one open table among multiple processes.
For example, making mysql connections from every
Postfix daemon process results in "too many connec-
tions" errors. The solution:

virtual_alias_maps =
proxy:mysql:/etc/postfix/virtual_alias.cf

The total number of connections is limited by the
number of proxymap server processes.


The proxymap server implements the following requests:

PROXY_REQ_OPEN maptype:mapname flags
Open the table with type maptype and name mapname,
as controlled by flags. The reply is the request
completion status code (below) and the map type
dependent flags.

PROXY_REQ_LOOKUP maptype:mapname flags key
Look up the data stored under the requested key.
The reply is the request completion status code
(below) and the lookup result value. The map-
type:mapname and flags are the same as with the
PROXY_REQ_OPEN request.

There is no close command, nor are tables implicitly
closed when a client disconnects. One of the purposes of
the proxymap server is to share tables among multiple
client processes.

The request completion status code is one of:

PROXY_STAT_OK
The specified table was opened, or the requested
entry was found.

PROXY_STAT_NOKEY
The requested table entry was not found.

PROXY_STAT_BAD
The request was rejected (bad request parameter
value).

PROXY_STAT_RETRY
The lookup request could not be completed.

PROXY_STAT_DENY
The specified table was not approved for access via
the proxymap service.

SERVER PROCESS MANAGEMENT
The proxymap servers run under control by the Postfix mas-
ter server. Each server can handle multiple simultaneous
connections. When all servers are busy while a client
connects, the master creates a new proxymap server pro-
cess, provided that the proxymap server process limit is
not exceeded. Each proxymap server terminates after serv-
ing at least $max_use clients or after $max_idle seconds
of idle time.

SECURITY
The proxymap server opens only tables that are approved
via the proxy_read_maps configuration parameter, does not
talk to users, and can run at fixed low privilege,
chrooted or not. However, running the proxymap server
chrooted severely limits usability, because it can open
only chrooted tables.

The proxymap server is not a trusted daemon process, and
must not be used to look up sensitive information such as
user or group IDs, mailbox file/directory names or exter-
nal commands.

DIAGNOSTICS
Problems and transactions are logged to syslogd(8).

BUGS
The proxymap server provides service to multiple clients,
and must therefore not be used for tables that have high-
latency lookups.

CONFIGURATION PARAMETERS
The following main.cf parameters are especially relevant
to this program. Use the postfix reload command after a
configuration change.

proxy_read_maps
A list of zero or more parameter values that may
contain references to Postfix lookup tables. Only
table references that begin with proxy: are
approved for read-only access via the proxymap
server.
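
The approval rule just described (a proxy:type:name reference is served only if it is reachable from proxy_read_maps, otherwise PROXY_REQ_OPEN is answered with PROXY_STAT_DENY) is what the following added Python check models. It is not Postfix code: the main.cf excerpt is constructed, the parser handles only simple name = value lines, and the parameter expansion is a plain recursive $name substitution. Besides answering the open request it lists every parameter that refers to a proxy: table proxymap would refuse, which is the misconfiguration an administrator otherwise discovers only from "table ... not approved" errors in the log.

```python
"""Added check modelled on the proxymap(8) approval rule.

Not Postfix code.  A table reference proxy:type:name may be opened through
proxymap only if it occurs in a parameter listed in proxy_read_maps;
anything else gets PROXY_STAT_DENY.  The main.cf text is constructed.
"""
import re

MAIN_CF = """\
# constructed main.cf excerpt for the example
proxy_read_maps = $local_recipient_maps $virtual_alias_maps
local_recipient_maps = proxy:unix:passwd.byname $alias_maps
alias_maps = hash:/etc/aliases
virtual_alias_maps = proxy:mysql:/etc/postfix/virtual_alias.cf
smtpd_sender_login_maps = proxy:mysql:/etc/postfix/sender_login.cf
"""

PROXY_STAT_OK, PROXY_STAT_DENY = "OK", "DENY"


def parse_main_cf(text):
    """name = value lines; comments and blank lines skipped (no continuation lines)."""
    params = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        name, _, value = line.partition("=")
        params[name.strip()] = value.strip()
    return params


def expand(value, params, depth=0):
    """Expand $name and ${name} references recursively."""
    if depth > 20:
        raise ValueError("parameter expansion too deep (reference loop?)")
    return re.sub(r"\$\{?(\w+)\}?",
                  lambda m: expand(params.get(m.group(1), ""), params, depth + 1),
                  value)


def approved_tables(params):
    """The proxy: references reachable from proxy_read_maps, prefix removed."""
    tokens = expand(params.get("proxy_read_maps", ""), params).split()
    return {t[len("proxy:"):] for t in tokens if t.startswith("proxy:")}


def proxy_open(maptype_mapname, params):
    """PROXY_REQ_OPEN outcome for a table named like unix:passwd.byname."""
    return PROXY_STAT_OK if maptype_mapname in approved_tables(params) else PROXY_STAT_DENY


def unapproved_references(params):
    """Config lint: parameters that reference proxy: tables proxymap will refuse."""
    approved = approved_tables(params)
    bad = {}
    for name, value in params.items():
        if name == "proxy_read_maps":
            continue
        for token in expand(value, params).split():
            if token.startswith("proxy:") and token[len("proxy:"):] not in approved:
                bad.setdefault(name, []).append(token)
    return bad


if __name__ == "__main__":
    params = parse_main_cf(MAIN_CF)
    print("approved:", sorted(approved_tables(params)))
    print("open unix:passwd.byname ->", proxy_open("unix:passwd.byname", params))
    print("unapproved references:", unapproved_references(params))
```

The fix for an entry reported by unapproved_references() is to add the owning parameter (here $smtpd_sender_login_maps) to proxy_read_maps; the SECURITY section above is the reason the default list is short, since whatever is approved becomes readable by every process that can reach the proxymap socket.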
SEE ALSO
dict_proxy(3) proxy map client

LICENSE
The Secure Mailer license must be distributed with this
software.

AUTHOR(S)
Wietse Venema
IBM T.J. Watson Research
P.O. Box 704
Yorktown Heights, NY 10598, USA

SPAWN(8)


NAME 
spawn - Postfix external command spawner 


SYNOPSIS 
spawn [generic Postfix daemon options] command attributes... 


DESCRIPTION 
The spawn daemon provides the Postfix equivalent of inetd. 
It listens on a port as specified in the Postfix master.cf 
file and spawns an external command whenever a connection 
is established. The connection can be made over local IPC 
(such as UNIX-domain sockets) or over non-local IPC (such 


as TCP sockets). The command's standard input, output and 
error streams are connected directly to the communication 
endpoint. 


This daemon expects to be run from the master(8) process 
manager. 


COMMAND ATTRIBUTE SYNTAX
The external command attributes are given in the master.cf
file at the end of a service definition. The syntax is as
follows:

user=username (required)

user=username:groupname
The external command is executed with the rights of
the specified username. The software refuses to
execute commands with root privileges, or with the
privileges of the mail system owner. If groupname
is specified, the corresponding group ID is used
instead of the group ID of username.

argv=command... (required)
The command to be executed. This must be specified
as the last command attribute. The command is exe-
cuted directly, i.e. without interpretation of
shell meta characters by a shell command inter-
preter.

BUGS
In order to enforce standard Postfix process resource con-
trols, the spawn daemon runs only one external command at
a time. As such, it presents a noticeable overhead by
wasting precious process resources. The spawn daemon is
expected to be replaced by a more structural solution.

DIAGNOSTICS
The spawn daemon reports abnormal child exits. Problems
are logged to syslogd(8).

SECURITY
This program needs root privilege in order to execute
external commands as the specified user. It is therefore
security sensitive. However the spawn daemon does not
talk to the external command and thus is not vulnerable to
data-driven attacks.

CONFIGURATION PARAMETERS
The following main.cf parameters are especially relevant
to this program. See the Postfix main.cf file for syntax
details and for default values. Use the postfix reload
command after a configuration change.

Miscellaneous
export_environment
List of names of environment parameters that can be
exported to non-Postfix processes.

mail_owner
The process privileges used while not running an
external command.

Resource control
service_command_time_limit
The amount of time the command is allowed to run
before it is killed with force. The service name is
the name of the entry in the master.cf file. The
default time limit is given by the global
command_time_limit configuration parameter.

SEE ALSO
master(8) process manager
syslogd(8) system logging

LICENSE
The Secure Mailer license must be distributed with this
software.

AUTHOR(S)
Wietse Venema
IBM T.J. Watson Research
P.O. Box 704
Yorktown Heights, NY 10598, USA
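
The attribute rules of the COMMAND ATTRIBUTE SYNTAX section (user= required and never root or the mail owner, argv= required and last, command executed directly without a shell) can be checked before a reload with this added Python validator. It is not Postfix code: the master.cf excerpt, the service names and the policy daemon paths are constructed, and the parser only understands the eight-column layout with leading-whitespace continuation lines. The mail owner name is an assumption passed as a parameter; read it from main.cf (mail_owner) in practice.

```python
"""Added validator for spawn(8) command attributes in master.cf.

Not Postfix code; the master.cf excerpt and the policy daemon paths are
constructed.  Rules applied: user= is required and the command is never run
as root or as the mail owner, argv= is required and must be the last
attribute (everything after it is the command), and the command runs
directly without a shell.
"""
import shlex

MASTER_CF = """\
# constructed master.cf excerpt for the example
# service   type  private unpriv chroot wakeup maxproc command + args
policy      unix  -       n      n      -      0       spawn
  user=nobody argv=/usr/local/bin/policyd
badpolicy   unix  -       n      n      -      0       spawn
  user=root argv=/bin/sh -c "/usr/local/bin/policyd | logger"
oops        unix  -       n      n      -      0       spawn
  argv=/usr/local/bin/policyd user=nobody
"""


def spawn_services(text):
    """Return {service_name: attribute_string} for every spawn entry."""
    entries = []
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0].isspace():             # continuation line of the previous entry
            entries[-1] += " " + raw.strip()
        else:
            entries.append(raw.strip())
    found = {}
    for entry in entries:
        fields = entry.split(None, 7)    # 8 columns; the last is "command + args"
        if len(fields) == 8:
            command, _, attrs = fields[7].partition(" ")
            if command == "spawn":
                found[fields[0]] = attrs.strip()
    return found


def check_spawn_attributes(attrs, mail_owner="postfix"):
    """Return a list of problems; an empty list means the entry is acceptable."""
    problems = []
    tokens = shlex.split(attrs)
    user = None
    argv = None
    for i, tok in enumerate(tokens):
        if tok.startswith("user="):
            user = tok[len("user="):]
        elif tok.startswith("argv="):
            argv = [tok[len("argv="):]] + tokens[i + 1:]
            break                        # argv= swallows the rest of the line
    if user is None:
        problems.append("user= is required")
    else:
        name = user.split(":", 1)[0]
        if name == "root":
            problems.append("spawn refuses to run commands as root")
        elif name == mail_owner:
            problems.append(f"spawn refuses to run commands as the mail owner ({mail_owner})")
    if argv is None or not argv[0]:
        problems.append("argv= is required")
    else:
        stray = [a for a in argv[1:] if a.startswith("user=")]
        if stray:
            problems.append("argv= must be the last attribute; "
                            f"{stray[0]!r} would be passed to the command as an argument")
        if argv[0].endswith("sh") and "-c" in argv:
            problems.append("argv runs the command through a shell; spawn already executes "
                            "argv directly, the shell re-enables metacharacter interpretation")
    return problems


if __name__ == "__main__":
    for service, attrs in spawn_services(MASTER_CF).items():
        print(service, "->", check_spawn_attributes(attrs) or "ok")
```

The first two problems mirror what spawn itself enforces at run time; the shell warning is the validator's own addition, since a "/bin/sh -c" command gives back exactly the metacharacter interpretation the man page says spawn avoids.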
Postfix tools


Enough daemon talk. The anatomy lesson ends with an introduction to command-line
utilities for day-to-day use of the Postfix mail system. Besides the sendmail, mailq, and
newaliases commands that were already introduced, the Postfix system comes with its own
collection of utilities. For consistency, these are all named postsomething.


The postfix command controls the operation of the mail system. It is the interface for 
starting and stopping the mail system, and for some other administrative operations. 
This command is reserved to the super-user. 


The postalias command maintains Postfix alias databases. This is the program 
behind the newaliases command. 


The postcat command displays the contents of Postfix queue files. This is a limited, 
preliminary utility. This program is likely to be superseded by something more 
powerful that can also edit Postfix queue files. 


The postconf command displays Postfix main.cf parameters: actual values, default 
values, or parameters that have non-default settings. This is a limited, preliminary 
utility. This program is likely to be superseded by something more powerful that can 
not only list but also edit the main.cf file. 


The postdrop command is the mail posting utility that is run by the sendmail 
command in order to deposit mail into the maildrop queue directory. 


The postkick command makes some internal communication channels available for 
use in, for example, shell scripts. 


The postlock command provides Postfix-compatible mailbox locking for use in, for 
example, shell scripts. 


The postlog command provides Postfix-compatible logging for shell scripts. 


The postmap command maintains Postfix lookup tables such as canonical, virtual 
and others. It is a cousin of the UNIX makemap command. 


The postqueue command is the utility that is run by the sendmail command in order 
to flush or list the mail queue. 


The postsuper command maintains the Postfix queue. It removes old temporary 
files, and moves queue files into the right directory after a change in the hashing 
depth of queue directories. This command is run at mail system startup time. 
POSTFIX(1)

NAME
postfix - Postfix control program

SYNOPSIS
postfix [-Dv] [-c config_dir] command

DESCRIPTION
This command is reserved for the superuser. To submit
mail, use the Postfix sendmail command.

The postfix command controls the operation of the Postfix
mail system: start or stop the master daemon, do a health
check, and other maintenance.

The postfix command sets up a standardized environment and
runs the postfix-script shell script to do the actual
work.


The following commands are implemented: 


check Validate the Postfix mail system configuration. 
Warn about bad directory/file ownership or permis- 
sions, and create missing directories. 


start Start the Postfix mail system. This also runs the 
configuration check described above. 


stop Stop the Postfix mail system in an orderly fashion. 
Running processes are allowed to terminate at their 
earliest convenience. 


Note: in order to refresh the Postfix mail system 
after a configuration change, do not use the start 
and stop commands in succession. Use the reload 
command instead. 


abort Stop the Postfix mail system abruptly. Running pro- 
cesses are signaled to stop immediately. 


flush Force delivery: attempt to deliver every message in 
the deferred mail queue. Normally, attempts to 
deliver delayed mail happen at regular intervals, 
the interval doubling after each failed attempt. 


reload Re-read configuration files. Running processes ter- 
minate at their earliest convenience. 


The following options are implemented: 


-c config_dir
Read the main.cf and master.cf configuration files
in the named directory instead of the default
configuration directory. Use this to distinguish
between multiple Postfix instances on the same
host.


-D (with postfix start only)
Run each Postfix daemon under control of a debugger
as specified via the debugger_command configuration
parameter.


-v Enable verbose logging for debugging purposes. Multiple
-v options make the software increasingly verbose.
ENVIRONMENT
The postfix command exports the following environment
variables before executing the postfix-script file:

MAIL_CONFIG
This is set when the -c command-line option is present.

MAIL_VERBOSE
This is set when the -v command-line option is present.

MAIL_DEBUG
This is set when the -D command-line option is present.

The following main.cf configuration parameters are
exported as environment variables with the same names:


command_directory
Directory with Postfix administrative commands.

daemon_directory
Directory with Postfix daemon programs.

config_directory
Directory with Postfix configuration files and with
administrative shell scripts.

queue_directory
The directory with Postfix queue files, with local
inter-process communication endpoints, and with
files needed for daemon programs that run in the
optional chrooted environment.

mail_owner
The owner of Postfix queue files and of most Postfix
processes.

setgid_group
The group for mail submission and queue management
commands.

sendmail_path
The full pathname for the Postfix sendmail command.

newaliases_path
The full pathname for the Postfix newaliases command.

mailq_path
The full pathname for the Postfix mailq command.

manpage_directory
The directory for the Postfix on-line manual pages.

sample_directory
The directory for the Postfix sample configuration
files.

readme_directory
The directory for the Postfix README files.
Other configuration parameters

import_environment
List of names of environment parameters that can be
imported from non-Postfix processes.


FILES 
$config_directory/postfix-script, administrative commands
$config_directory/main.cf, configuration parameters
$config_directory/master.cf, Postfix daemon processes

SEE ALSO 
postconf (1) Postfix configuration management 
postsuper (1) Postfix housekeeping 
sendmail(1) Sendmail-compatible interface 
postmap (1) Postfix lookup table management 
master (8) Postfix master daemon 
The respective manual pages for the daemon processes spec- 
ified in the master.cf file, and the manual pages refer- 
enced by those manual pages. 

LICENSE 
The Secure Mailer license must be distributed with this 
software. 

AUTHOR(S)
Wietse Venema
IBM T.J. Watson Research
P.O. Box 704
Yorktown Heights, NY 10598, USA


POSTFIX(1)

POSTALIAS(1)


NAME 
postalias - Postfix alias database maintenance 
SYNOPSIS 
postalias [-Nfinorvw] [-c config_dir] [-d key] [-q key]
[file_type:]file_name
DESCRIPTION
The postalias command creates or queries one or more Postfix
alias databases, or updates an existing one. The input and
output file formats are expected to be compatible with
Sendmail version 8, and are expected to be suitable for
the use as NIS alias maps.

If the result files do not exist they will be created with
the same group and other read permissions as the source
file.


While a database update is in progress, signal delivery is 
postponed, and an exclusive, advisory, lock is placed on 
the entire database, in order to avoid surprises in spec- 
tator programs. 

Options: 

-N Include the terminating null character that terminates
lookup keys and values. By default, Postfix does whatever
is the default for the host operating system.


-c config_dir
Read the main.cf configuration file in the named
directory instead of the default configuration
directory.


-d key Search the specified maps for key and remove one
entry per map. The exit status is zero when the 
requested information was found. 


If a key value of - is specified, the program reads 
key values from the standard input stream. The exit 
status is zero when at least one of the requested 
keys was found. 


-f Do not fold the lookup key to lower case while creating
or querying a map.


-i Incremental mode. Read entries from standard input
and do not truncate an existing database. By 
default, postalias creates a new database from the 
entries in file name. 


-n Don't include the terminating null character that
terminates lookup keys and values. By default, 
Postfix does whatever is the default for the host 
operating system. 


-o Do not release root privileges when processing a
non-root input file. By default, postalias drops
root privileges and runs as the source file owner
instead.


-q key Search the specified maps for key and print the 
first value found on the standard output stream. 
The exit status is zero when the requested informa- 
tion was found. 


If a key value of - is specified, the program reads 
key values from the standard input stream and 
prints one line of key: value output for each key 
that was found. The exit status is zero when at 
least one of the requested keys was found. 


-r when updating a table, do not warn about duplicate 
entries; silently replace them. 


-v Enable verbose logging for debugging purposes. Mul- 
tiple -v options make the software increasingly 
verbose. 

-w When updating a table, do not warn about duplicate
entries; silently ignore them.


Arguments: 


file_type
The type of database to be produced.

btree The output is a btree file, named
file_name.db. This is available only on
systems with support for db databases.

dbm The output consists of two files, named
file_name.pag and file_name.dir. This is
available only on systems with support for
dbm databases.

hash The output is a hashed file, named
file_name.db. This is available only on
systems with support for db databases.

Use the command postconf -m to find out what types
of database your Postfix installation can support.

When no file_type is specified, the software uses
the database type specified via the
default_database_type configuration parameter. The
default value for this parameter depends on the
host environment.


file_name 
The name of the alias database source file when 
creating a database. 


DIAGNOSTICS
Problems are logged to the standard error stream. No output
means no problems were detected. Duplicate entries are
skipped and are flagged with a warning.

postalias terminates with zero exit status in case of success
(including successful postalias -q lookup) and terminates
with non-zero exit status in case of failure.


ENVIRONMENT
MAIL_CONFIG
Directory with Postfix configuration files.

MAIL_VERBOSE
Enable verbose logging for debugging purposes.

CONFIGURATION PARAMETERS
The following main.cf parameters are especially relevant
to this program. See the Postfix main.cf file for syntax
details and for default values.

default_database_type
Default database type. On many UNIX systems, the
default type is either dbm or hash.

berkeley_db_create_buffer_size
Amount of buffer memory to be used when creating a
Berkeley DB hash or btree lookup table.

berkeley_db_read_buffer_size
Amount of buffer memory to be used when reading a
Berkeley DB hash or btree lookup table.


STANDARDS 
RFC 822 (ARPA Internet Text Messages) 


SEE ALSO 
aliases(5) format of alias database input file. 
sendmail(1) mail posting and compatibility interface. 


LICENSE 
The Secure Mailer license must be distributed with this 
software. 

AUTHOR(S)
Wietse Venema
IBM T.J. Watson Research
P.O. Box 704
Yorktown Heights, NY 10598, USA

POSTALIAS(1)

POSTCAT(1)
NAME 

postcat - show Postfix queue file contents 
SYNOPSIS 


postcat [-v] [files...] 


DESCRIPTION 
The postcat command prints the contents of the named Post- 
fix queue files in human-readable form. If no files are 
specified on the command line, the program reads from 
standard input. 


Options: 

-v Enable verbose logging for debugging purposes. Mul- 
tiple -v options make the software increasingly 
verbose. 

DIAGNOSTICS 


Problems are reported to the standard error stream.


LICENSE 
The Secure Mailer license must be distributed with this 
software. 

AUTHOR(S)
Wietse Venema
IBM T.J. Watson Research
P.O. Box 704
Yorktown Heights, NY 10598, USA

POSTCAT(1)

SENDMAIL(1)
NAME 

sendmail - Postfix to Sendmail compatibility interface 
SYNOPSIS 

sendmail [option ...] [recipient ...]

mailq
sendmail -bp

newaliases
sendmail -I


DESCRIPTION 


The sendmail program implements the Postfix to Sendmail
compatibility interface. For the sake of compatibility
with existing applications, some Sendmail command-line
options are recognized but silently ignored.


By default, sendmail reads a message from standard input 
until EOF or until it reads a line with only a . charac- 
ter, and arranges for delivery. sendmail relies on the 
postdrop (1) command to create a queue file in the maildrop 
directory. 


Specific command aliases are provided for other common 
modes of operation: 


mailq List the mail queue. Each entry shows the queue
file ID, message size, arrival time, sender, and
the recipients that still need to be delivered. If
mail could not be delivered upon the last attempt,
the reason for failure is shown. This mode of operation
is implemented by executing the postqueue(1)
command.

newaliases
Initialize the alias database. If no input file is
specified (with the -oA option, see below), the
program processes the file(s) specified with the
alias_database configuration parameter. If no
alias database type is specified, the program uses
the type specified with the default_database_type
configuration parameter. This mode of operation is
implemented by running the postalias(1) command.


Note: it may take a minute or so before an alias 
database update becomes visible. Use the postfix 
reload command to eliminate this delay. 


These and other features can be selected by specifying the 
appropriate combination of command-line options. Some fea- 
tures are controlled by parameters in the main.cf configu- 
ration file. 


The following options are recognized: 
-Am (ignored)

-Ac (ignored)
Postfix sendmail uses the same configuration file
regardless of whether or not a message is an initial
submission.


-B body_type
The message body MIME type: 7BIT or 8BITMIME.

-C config_file (ignored :-)
The path name of the sendmail.cf file. Postfix
configuration files are kept in /etc/postfix.


-F full_name
Set the sender full name. This is used only with 
messages that have no From: message header. 


-G (ignored) 
Gateway (relay) submission, as opposed to initial 
user submission. 


-I Initialize alias database. See the newaliases com- 
mand above. 


-L label (ignored)
The logging label. Use the syslog_name configuration
parameter instead.


-N dsn (ignored) 
Delivery status notification control. Currently, 
Postfix does not implement DSN. 


-R return_limit (ignored)
Limit the size of bounced mail. Use the
bounce_size_limit configuration parameter instead.

-X log_file (ignored)
Log mailer traffic. Use the debug_peer_list and
debug_peer_level configuration parameters instead.


-U (ignored) 
Initial user submission. 


-V Variable Envelope Return Path. Given an envelope
sender address of the form owner-listname@origin,
each recipient user@domain receives mail with a
personalized envelope sender address.

By default, the personalized envelope sender
address is owner-listname+user=domain@origin. The
default + and = characters are configurable with
the default_verp_delimiters configuration parameter.

-Vxy As -V, but uses x and y as the VERP delimiter
characters, instead of the characters specified with
the default_verp_delimiters configuration parameter.

-bd Go into daemon mode. This mode of operation is
implemented by executing the postfix start command.


-bi Initialize alias database. See the newaliases com- 
mand above. 


-bm Read mail from standard input and arrange for
delivery. This is the default mode of operation.


-bp List the mail queue. See the mailq command above. 

-bs Stand-alone SMTP server mode. Read SMTP commands
from standard input, and write responses to standard
output. In stand-alone SMTP server mode, UCE
restrictions and access controls are disabled by
default. To enable them, run the process as the
mail_owner user.

This mode of operation is implemented by running
the smtpd(8) daemon.


-f sender
Set the envelope sender address. This is the
address where delivery problems are sent to, unless
the message contains an Errors-To: message header.


-h hop_count (ignored)
Hop count limit. Use the hopcount_limit configuration
parameter instead.


-i when reading a message from standard input, don't 
treat a line with only a . character as the end of 
input. 


-m (ignored) 
Backwards compatibility. 


-n (ignored) 
Backwards compatibility. 


-oAalias_database
Non-default alias database. Specify pathname or
type:pathname. See postalias(1) for details.


-o7 (ignored)

-o8 (ignored)
To send 8-bit or binary content, use an appropriate
MIME encapsulation and specify the appropriate -B
command-line option.


-oi when reading a message from standard input, don't 
treat a line with only a . character as the end of 
input. 


-om (ignored) 
The sender is never eliminated from alias etc. 
expansions. 


-ox value (ignored)
Set option x to value. Use the equivalent configuration
parameter in main.cf instead.


-r sender
Set the envelope sender address. This is the
address where delivery problems are sent to, unless
the message contains an Errors-To: message header.


-q Attempt to deliver all queued mail. This is implemented
by executing the postqueue(1) command.


-qinterval (ignored)
The interval between queue runs. Use the
queue_run_delay configuration parameter instead.


-qRsite
Schedule immediate delivery of all mail that is
queued for the named site. This option accepts only
site names that are eligible for the "fast flush"
service, and is implemented by executing the
postqueue(1) command. See flush(8) for more information
about the "fast flush" service.

-qSsite
This command is not implemented. Use the slower
sendmail -q command instead.


-t Extract recipients from message headers. This
requires that no recipients be specified on the 
command line. 


-v Enable verbose logging for debugging purposes. Mul- 
tiple -v options make the software increasingly 
verbose. For compatibility with mailx and other 
mail submission software, a single -v option pro- 
duces no output. 


SECURITY
By design, this program is not set-user (or group) id.
However, it must handle data from untrusted users or
untrusted machines. Thus, the usual precautions need to
be taken against malicious inputs.


DIAGNOSTICS 
Problems are logged to syslogd(8) and to the standard 
error stream. 


ENVIRONMENT
MAIL_CONFIG
Directory with Postfix configuration files.

MAIL_VERBOSE
Enable verbose logging for debugging purposes.

MAIL_DEBUG
Enable debugging with an external command, as specified
with the debugger_command configuration parameter.


FILES 
/var/spool/postfix, mail queue 
/etc/postfix, configuration files 


CONFIGURATION PARAMETERS 
See the Postfix main.cf file for syntax details and for 
default values. Use the postfix reload command after a 
configuration change. 


alias_database
Default alias database(s) for newaliases. The
default value for this parameter is system-specific.

bounce_size_limit
The amount of original message context that is sent
along with a non-delivery notification.

default_database_type
Default alias etc. database type. On many UNIX systems
the default type is either dbm or hash.

debugger_command
Command that is executed after a Postfix daemon has
initialized.

debug_peer_level
Increment in verbose logging level when a remote
host matches a pattern in the debug_peer_list
parameter.

debug_peer_list
List of domain or network patterns. When a remote
host matches a pattern, increase the verbose logging
level by the amount specified in the
debug_peer_level parameter.

default_verp_delimiters
The VERP delimiter characters that are used when
the -V command line option is specified without
delimiter characters.

fast_flush_domains
List of domains that will receive "fast flush" service
(default: all domains that this system is
willing to relay mail to). This list specifies the
domains that Postfix accepts in the SMTP ETRN
request and in the sendmail -qR command.

fork_attempts
Number of attempts to fork() a process before giving
up.

fork_delay
Delay in seconds between successive fork() attempts.

hopcount_limit
Limit the number of Received: message headers.

mail_owner
The owner of the mail queue and of most Postfix
processes.

command_directory
Directory with Postfix support commands.

daemon_directory
Directory with Postfix daemon programs.

queue_directory
Top-level directory of the Postfix queue. This is
also the root directory of Postfix daemons that run
chrooted.

queue_run_delay
The time between successive scans of the deferred
queue.

verp_delimiter_filter
The characters that Postfix accepts as VERP delimiter
characters.
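The VERP rewriting described under the -V and -Vxy options above, together with the default_verp_delimiters and verp_delimiter_filter parameters just listed, as an added worked example. This is not Postfix code: the function names are mine, and the filter value "-=+" is an assumption this example makes (check the real default with postconf -d verp_delimiter_filter). The decoder goes one step beyond the man page and shows how a bounce handler recovers the original recipient from the personalized address.

```python
"""VERP envelope-sender rewriting as sendmail(1) -V / -Vxy describe it.
Added example, not Postfix code; function names are mine."""

DEFAULT_VERP_DELIMITERS = "+="   # main.cf default_verp_delimiters
# Assumed value for verp_delimiter_filter; verify with `postconf -d verp_delimiter_filter`.
VERP_DELIMITER_FILTER = "-=+"


def parse_verp_option(arg, default_delimiters=DEFAULT_VERP_DELIMITERS):
    """Interpret the text following -V on the command line.

    "" (plain -V) selects default_verp_delimiters; -Vxy supplies exactly
    two characters, the first replaces "+" and the second replaces "=".
    """
    if arg == "":
        return default_delimiters
    if len(arg) != 2:
        raise ValueError("-V takes either no characters or exactly two, got %r" % arg)
    return arg


def delimiters_allowed(delimiters, delimiter_filter=VERP_DELIMITER_FILTER):
    """True when both delimiter characters pass verp_delimiter_filter.

    The filter is what stops a caller of sendmail -Vxy from injecting
    arbitrary characters into envelope sender addresses.
    """
    return len(delimiters) == 2 and all(c in delimiter_filter for c in delimiters)


def split_address(address):
    """Split local@domain at the last '@'; reject anything else."""
    local, at, domain = address.rpartition("@")
    if not at or not local or not domain:
        raise ValueError("not a local@domain address: %r" % address)
    return local, domain


def verp_sender(envelope_sender, recipient, delimiters=DEFAULT_VERP_DELIMITERS,
                delimiter_filter=VERP_DELIMITER_FILTER):
    """owner-listname@origin + user@domain -> owner-listname+user=domain@origin."""
    if not delimiters_allowed(delimiters, delimiter_filter):
        raise ValueError("VERP delimiters %r rejected by verp_delimiter_filter %r"
                         % (delimiters, delimiter_filter))
    d1, d2 = delimiters
    owner, origin = split_address(envelope_sender)
    user, domain = split_address(recipient)
    return "%s%s%s%s%s@%s" % (owner, d1, user, d2, domain, origin)


def decode_verp_sender(address, delimiters=DEFAULT_VERP_DELIMITERS):
    """Recover (original sender, recipient) from a VERP address in a bounce.

    Assumes the first delimiter does not occur in the original local part
    (my simplification); delimiters inside the recipient are handled by
    splitting at the first d1 and the last d2.
    """
    d1, d2 = delimiters
    local, origin = split_address(address)
    owner, sep1, rest = local.partition(d1)
    user, sep2, domain = rest.rpartition(d2)
    if not (sep1 and sep2 and owner and user and domain):
        raise ValueError("not a VERP address for delimiters %r: %r" % (delimiters, address))
    return "%s@%s" % (owner, origin), "%s@%s" % (user, domain)


if __name__ == "__main__":
    print(verp_sender("owner-list@example.org", "alice@example.com"))
    print(decode_verp_sender("owner-list+alice+extra=example.com@example.org"))
```

Note that decoding is only unambiguous when the chosen first delimiter cannot appear in the list owner's own local part; with -V-= and an owner address such as owner-list@origin the split lands in the wrong place, which is one reason the "+" and "=" defaults are the sensible choice.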
POSTCONF(1)
NAME
postconf - Postfix configuration utility
SYNOPSIS
postconf [-dhmlnv] [-c config_dir] [parameter ...]
postconf [-ev] [-c config_dir] [parameter=value ...]
DESCRIPTION 
The postconf command prints the actual value of parameter (all known
parameters by default) one parameter per line, changes its value, or
prints other information about the Postfix mail system.


Options: 

-c config_dir
The main.cf configuration file is in the named
directory instead of the default configuration
directory.

-d Print default parameter settings instead of actual 
settings. 

-e Edit the main.cf configuration file. The file is
copied to a temporary file then renamed into place.
Parameters and values are specified on the command
line. Use quotes in order to protect shell
metacharacters and whitespace.


-h Show parameter values only, not the "name = "
label that normally precedes the value.

-l List the names of all supported mailbox locking
methods. Postfix supports the following methods:


flock A kernel-based advisory locking method for 
local files only. This locking method is 
available only on systems with a BSD compat- 
ible library. 


fcntl A kernel-based advisory locking method for
local and remote files.

dotlock An application-level locking method. An
application locks a file named filename by
creating a file named filename.lock. The
application is expected to remove its own
lock file, as well as stale lock files that
were left behind after abnormal termination.


-m List the names of all supported lookup table types. 
Postfix lookup tables are specified as type:name, 
where type is one of the types listed below. The 
table name syntax depends on the lookup table type. 


btree A sorted, balanced tree structure. This is 
available only on systems with support for 
Berkeley DB databases. 


dbm An indexed file type based on hashing. This 
is available only on systems with support 
for DBM databases. 


environ
The UNIX process environment array. The
lookup key is the variable name. Originally
implemented for testing, someone may find
this useful someday.

hash An indexed file type based on hashing. This 
is available only on systems with support 
for Berkeley DB databases. 


ldap (read-only) 
Perform lookups using the LDAP protocol. 
This is described in an LDAP README file. 


mysql (read-only) 
Perform lookups using the MYSQL protocol. 
This is described in a MYSQL README file. 


pcre (read-only)
A lookup table based on Perl Compatible Regular
Expressions. The file format is described in
pcre_table(5).

proxy (read-only)
A lookup table that is implemented via the
Postfix proxymap(8) service. The table name
syntax is type:name.

regexp (read-only)
A lookup table based on regular expressions.
The file format is described in regexp_table(5).


static (read-only)
A table that always returns its name as
lookup result. For example, static:foobar
always returns the string foobar as lookup
result.

unix (read-only)
A limited way to query the UNIX authentication
database. The following tables are implemented:

unix:passwd.byname
The table is the UNIX password
database. The key is a login name.
The result is a password file entry
in passwd(5) format.

unix:group.byname
The table is the UNIX group
database. The key is a group name.
The result is a group file entry in
group(5) format.

Other table types may exist depending on how Postfix was built.

-n Print non-default parameter settings only.

-v Enable verbose logging for debugging purposes. Multiple
-v options make the software increasingly verbose.

DIAGNOSTICS
Problems are reported to the standard error stream.

ENVIRONMENT
MAIL_CONFIG
Directory with Postfix configuration files.

Michel Bisson
POSTDROP(1)
NAME
postdrop - Postfix mail posting utility

SYNOPSIS
postdrop [-rv] [-c config_dir]


DESCRIPTION 
The postdrop command creates a file in the maildrop direc- 
tory and copies its standard input to the file. 


Options: 


-c config_dir
The main.cf configuration file is in the named
directory instead of the default configuration
directory. See also the MAIL_CONFIG environment
setting below.


-r Use a Postfix-internal protocol for reading the 
message from standard input, and for reporting sta- 
tus information on standard output. This is cur- 
rently the only supported method. 


-v Enable verbose logging for debugging purposes. Mul- 
tiple -v options make the software increasingly 
verbose. 


SECURITY 

The command is designed to run with set-group ID privi- 
leges, so that it can write to the maildrop queue direc- 
tory and so that it can connect to Postfix daemon pro- 
cesses. 


DIAGNOSTICS 
Fatal errors: malformed input, I/O error, out of memory. 
Problems are logged to syslogd(8) and to the standard 
error stream. When the input is incomplete, or when the 
process receives a HUP, INT, QUIT or TERM signal, the 
queue file is deleted. 


ENVIRONMENT 
MAIL_CONFIG
Directory with the main.cf file. In order to avoid
exploitation of set-group ID privileges, it is not
possible to specify arbitrary directory names.

A non-standard directory is allowed only if the
name is listed in the standard main.cf file, in the
alternate_config_directories configuration parameter value.

Only the superuser is allowed to specify arbitrary
directory names.
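The MAIL_CONFIG rule above is the classic set-group-ID hazard: an environment variable controlled by an unprivileged caller must not be allowed to choose which main.cf a privileged program trusts, or the caller could point postdrop at a queue_directory and parameters of their own making. The policy as an added example in Python (not Postfix code; the function names and the sample main.cf excerpt are mine, and the parser is a deliberate simplification that handles one "name = value" per line without continuation lines):

```python
"""The MAIL_CONFIG policy of postdrop(1): a set-group-ID program must not let
an unprivileged caller point it at an arbitrary main.cf.  Added example,
not Postfix code; function names and the sample main.cf are mine."""
import os

DEFAULT_CONFIG_DIR = "/etc/postfix"

# Constructed main.cf excerpt for the example.
SAMPLE_MAIN_CF = """\
# main.cf (constructed example)
queue_directory = /var/spool/postfix
alternate_config_directories = /etc/postfix-out, /etc/postfix-in
mail_owner = postfix
"""


def parse_alternate_config_directories(main_cf_text):
    """Read alternate_config_directories from main.cf text.

    Simplification (mine): one 'name = value' per line, comma or
    whitespace separated values, no continuation lines.
    """
    for line in main_cf_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        name, sep, value = line.partition("=")
        if sep and name.strip() == "alternate_config_directories":
            return [os.path.normpath(p) for p in value.replace(",", " ").split()]
    return []


def config_dir_allowed(requested, caller_is_root, alternates,
                       default=DEFAULT_CONFIG_DIR):
    """Decide whether postdrop may honour MAIL_CONFIG=requested.

    Only root may name an arbitrary directory. Everyone else is limited
    to the default directory and the names listed in the *standard*
    main.cf, which the caller cannot edit; paths are normalised so that
    '/etc/postfix-in/' and '/etc/postfix-in/./' compare equal.
    """
    if requested is None:
        return True
    if caller_is_root:
        return True
    wanted = os.path.normpath(requested)
    return wanted == os.path.normpath(default) or wanted in alternates


def resolve_config_dir(requested, caller_is_root, alternates,
                       default=DEFAULT_CONFIG_DIR):
    """Return the directory to use, or raise where postdrop would exit fatally."""
    if not config_dir_allowed(requested, caller_is_root, alternates, default):
        raise PermissionError("MAIL_CONFIG=%r is not an allowed configuration directory"
                              % requested)
    return default if requested is None else os.path.normpath(requested)


if __name__ == "__main__":
    alts = parse_alternate_config_directories(SAMPLE_MAIN_CF)
    print(resolve_config_dir(os.environ.get("MAIL_CONFIG"), os.geteuid() == 0, alts))
```

The allow-list is read from the default main.cf, never from the directory the caller asked for; reading it from the requested directory would let the caller approve their own request. normpath only tidies the string, so a deployment that wants to defeat symlink games would compare os.path.realpath() results instead.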


FILES 
/var/spool/postfix, mail queue 
/etc/postfix, configuration files 


CONFIGURATION PARAMETERS 
See the Postfix main.cf file for syntax details and for 
default values. Use the postfix reload command after a 
configuration change. 
import_environment
List of names of environment parameters that can be
imported from non-Postfix processes.

queue_directory
Top-level directory of the Postfix queue. This is
also the root directory of Postfix daemons that run
chrooted.


SEE ALSO 
sendmail(1) compatibility interface 
syslogd (8) system logging 


LICENSE 
The Secure Mailer license must be distributed with this 
software. 

AUTHOR(S)
Wietse Venema
IBM T.J. Watson Research
P.O. Box 704
Yorktown Heights, NY 10598, USA

POSTDROP(1)

POSTKICK(1)
NAME 


postkick - kick a Postfix service 


SYNOPSIS 
postkick [-c config_dir] [-v] class service request
DESCRIPTION
The postkick command sends request to the specified service
over a local transport channel. This command makes
Postfix private IPC accessible for use in, for example,
shell scripts.

Options: 

-c config_dir
Read the main.cf configuration file in the named 
directory instead of the default configuration 
directory. 

-v Enable verbose logging for debugging purposes. Mul- 
tiple -v options make the software increasingly 
verbose. 

Arguments: 

class Name of a class of local transport channel end- 
points, either public (accessible by any local 
user) or private (administrative access only). 

service 
The name of a local transport endpoint within the 
named class. 

request 
A string. The list of valid requests is service- 
specific. 

DIAGNOSTICS 
Problems and transactions are logged to the standard error 
stream. 

ENVIRONMENT
MAIL_CONFIG
Directory with Postfix configuration files.

MAIL_VERBOSE
Enable verbose logging for debugging purposes.

CONFIGURATION PARAMETERS
The following main.cf parameters are especially relevant
to this program. See the Postfix main.cf file for syntax
details and for default values.

queue_directory
Location of the Postfix queue, and of the local IPC
communication endpoints.
POSTLOCK(1)
NAME 


postlock - lock mail folder and execute command 


SYNOPSIS 
postlock [-c config_dir] [-l lock_style] [-v] file command...

DESCRIPTION
The postlock command locks file for exclusive access, and
executes command. The locking method is compatible with
the Postfix UNIX-style local delivery agent.


Options: 


-c config_dir
Read the main.cf configuration file in the named
directory instead of the default configuration
directory.

-l lock_style
Override the locking method specified via the
mailbox_delivery_lock configuration parameter (see
below).

-v Enable verbose logging for debugging purposes. Mul- 
tiple -v options make the software increasingly 
verbose. 


Arguments: 


file A mailbox file. The user should have read/write
permission.

command...
The command to execute while file is locked for
exclusive access. The command is executed
directly, i.e. without interpretation by a shell
command interpreter.


DIAGNOSTICS 
The result status is 75 (EX_TEMPFAIL) when postlock could
not perform the requested operation. Otherwise, the exit
status is the exit status from the command.


BUGS 
With remote file systems, the ability to acquire a lock 
does not necessarily eliminate access conflicts. Avoid 
file access by processes running on different machines. 
ENVIRONMENT 


MAIL CONFIG 
Directory with Postfix configuration files. 


MAIL VERBOSE 
Enable verbose logging for debugging purposes. 


CONFIGURATION PARAMETERS 
The following main.cf parameters are especially relevant
to this program. See the Postfix main.cf file for syntax
details and for default values.
Locking controls
deliver_lock_attempts
Limit the number of attempts to acquire an exclusive
lock.

deliver_lock_delay
Time in seconds between successive attempts to
acquire an exclusive lock.

stale_lock_time
Limit the time after which a stale lock is removed.

mailbox_delivery_lock
What file locking method(s) to use when delivering
to a UNIX-style mailbox. The default setting is
system dependent. For a list of available file
locking methods, use the postconf -l command.


Resource controls
fork_attempts
Number of attempts to fork() a process before giving
up.

fork_delay
Delay in seconds between successive fork() attempts.

LICENSE
The Secure Mailer license must be distributed with this
software.

AUTHOR(S)
Wietse Venema
IBM T.J. Watson Research
P.O. Box 704
Yorktown Heights, NY 10598, USA

POSTLOG(1)
NAME 


postlog - Postfix-compatible logging utility 


SYNOPSIS
postlog [-iv] [-c config_dir] [-p priority] [-t tag] [text...]

DESCRIPTION
The postlog command implements a Postfix-compatible logging
interface for use in, for example, shell scripts.

By default, postlog logs the text given on the command
line as one record. If no text is specified on the command
line, postlog reads from standard input and logs each
input line as one record.

Logging is sent to syslogd(8); when the standard error
stream is connected to a terminal, logging is sent there
as well.

The following options are implemented:

-c config_dir
Read the main.cf configuration file in the named
directory instead of the default configuration
directory.

-i Include the process ID in the logging tag.

-p priority
Specifies the logging severity: info (default),
warn, error, fatal, or panic.

-t tag Specifies the logging tag, that is, the identifying
name that appears at the beginning of each logging
record.

-v Enable verbose logging for debugging purposes. Multiple
-v options make the software increasingly verbose.

SEE ALSO
syslogd(8) syslog daemon.


LICENSE 
The Secure Mailer license must be distributed with this 
software. 

AUTHOR(S)
Wietse Venema
IBM T.J. Watson Research
P.O. Box 704
Yorktown Heights, NY 10598, USA

POSTMAP(1)


NAME 
postmap - Postfix lookup table management 

SYNOPSIS 
postmap [-Nfinorvw] [-c config_dir] [-d key] [-q key]
[file_type:]file_name

DESCRIPTION 


The postmap command creates or queries one or more Postfix 
lookup tables, or updates an existing one. The input and 
output file formats are expected to be compatible with: 


makemap file type file name < file name 


If the result files do not exist they will be created with 
he same group and other read permissions as the source 
ile. 


E 

f 

While the table update is in progress, signal delivery is 
postponed, and an exclusive, advisory, lock is placed on 
E 
D 
T 


h ntire table, in order to avoid surprises in spectator 
rograms. 


he format of a lookup table input file is as follows: 


o A table entry has the form 


"key whitespace value' 


o Empty Lines and whitespace-only lines are ignored, 
as are lines whose first non-whitespace character 
isa Kä 


o A logical line starts with non-whitespace text. A 
line that starts with whitespace continues a logi- 
cal line. 


The key and value are processed as is, except that sur- 
rounding white space is stripped off. Unlike with Postfix 
alias databases, quotes cannot be used to protect lookup 
keys that contain special characters such as "äi or 
whitespace. The key is mapped to lowercase to make mapping 
lookups case insensitive. 
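As an added illustration of the input format just described (example code written for this page, not part of postmap or the Postfix distribution), the following Python parser applies the rules above to a constructed table source: comment and blank lines are dropped, a line starting with whitespace continues the previous logical line, key and value split at the first run of whitespace, the key is folded to lower case unless folding is switched off as postmap -f does, duplicates are skipped with the first value kept as the DIAGNOSTICS section says, and a quoted key containing whitespace shows why quoting does not work here. Joining continuation lines with a single space is a simplification of this example.

```python
# Constructed sample of a lookup table source file in the format described
# above; it is not taken from the page or from the Postfix distribution.
SAMPLE_TABLE = """\
# virtual alias table (constructed sample)

Postmaster@Example.COM    admin@example.com
sales@example.com         alice@example.com,
                          bob@example.com
    # an indented comment is still a comment
postmaster@example.com    other@example.com
"sales team"@example.com  team@example.com
"""


def parse_lookup_table(text, fold_case=True):
    """Parse lookup-table source text the way the page describes postmap
    reading it. Returns (entries, duplicates): entries maps key -> value,
    duplicates lists keys seen more than once (postmap warns and skips
    them, keeping the first value)."""
    entries = {}
    duplicates = []
    logical = []          # pieces of the logical line being assembled

    def flush():
        if not logical:
            return
        line = " ".join(logical)      # continuation lines joined with a space (simplification)
        parts = line.split(None, 1)   # the first run of whitespace separates key and value
        key = parts[0]
        value = parts[1].strip() if len(parts) > 1 else ""
        if fold_case:
            key = key.lower()         # postmap -f would leave the key as is
        if key in entries:
            duplicates.append(key)    # duplicate entries are skipped with a warning
        else:
            entries[key] = value
        logical.clear()

    for raw in text.splitlines():
        stripped = raw.strip()
        if not stripped or stripped.startswith("#"):
            continue                  # empty, whitespace-only or comment line
        if raw[0].isspace():
            logical.append(stripped)  # starts with whitespace: continues the logical line
        else:
            flush()                   # starts with non-whitespace: a new logical line
            logical.append(stripped)
    flush()
    return entries, duplicates


def lookup(entries, key, fold_case=True):
    """Query like `postmap -q key`: the key is folded the same way the table was."""
    return entries.get(key.lower() if fold_case else key)
```

Note the last sample line: because quotes are not special to postmap, the key becomes `"sales` and everything after the first space becomes the value, which is the caveat the text warns about.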


       Options:

       -N     Include the terminating null character that
              terminates lookup keys and values. By default,
              Postfix does whatever is the default for the host
              operating system.

       -c config_dir
              Read the main.cf configuration file in the named
              directory instead of the default configuration
              directory.

       -d key Search the specified maps for key and remove one
              entry per map. The exit status is zero when the
              requested information was found.

              If a key value of - is specified, the program reads
              key values from the standard input stream. The exit
              status is zero when at least one of the requested
              keys was found.

       -f     Do not fold the lookup key to lower case while
              creating or querying a map.

       -i     Incremental mode. Read entries from standard input
              and do not truncate an existing database. By
              default, postmap creates a new database from the
              entries in file_name.

       -n     Don't include the terminating null character that
              terminates lookup keys and values. By default,
              Postfix does whatever is the default for the host
              operating system.

       -o     Do not release root privileges when processing a
              non-root input file. By default, postmap drops root
              privileges and runs as the source file owner
              instead.

       -q key Search the specified maps for key and print the
              first value found on the standard output stream.
              The exit status is zero when the requested
              information was found.

              If a key value of - is specified, the program reads
              key values from the standard input stream and
              prints one line of key value output for each key
              that was found. The exit status is zero when at
              least one of the requested keys was found.

       -r     When updating a table, do not warn about duplicate
              entries; silently replace them.

       -v     Enable verbose logging for debugging purposes.
              Multiple -v options make the software increasingly
              verbose.

       -w     When updating a table, do not warn about duplicate
              entries; silently ignore them.

       Arguments:

       file_type
              The type of database to be produced.

              btree  The output file is a btree file, named
                     file_name.db. This is available only on
                     systems with support for db databases.

              dbm    The output consists of two files, named
                     file_name.pag and file_name.dir. This is
                     available only on systems with support for
                     dbm databases.

              hash   The output file is a hashed file, named
                     file_name.db. This is available only on
                     systems with support for db databases.

              Use the command postconf -m to find out what types
              of database your Postfix installation can support.

              When no file_type is specified, the software uses
              the database type specified via the
              default_database_type configuration parameter.
74_Mail_Services.sxw - 167 


Linux-Kurs Themen - Mail Services - June 14, 2009 Michel Bisson 


       file_name
              The name of the lookup table source file when
              rebuilding a database.

DIAGNOSTICS
       Problems and transactions are logged to the standard error
       stream. No output means no problems. Duplicate entries are
       skipped and are flagged with a warning.

       postmap terminates with zero exit status in case of
       success (including successful postmap -q lookup) and
       terminates with non-zero exit status in case of failure.

ENVIRONMENT
       MAIL_CONFIG
              Directory with Postfix configuration files.

       MAIL_VERBOSE
              Enable verbose logging for debugging purposes.

CONFIGURATION PARAMETERS
       default_database_type
              Default output database type. On many UNIX
              systems, the default database type is either hash
              or dbm.

       berkeley_db_create_buffer_size
              Amount of buffer memory to be used when creating a
              Berkeley DB hash or btree lookup table.

       berkeley_db_read_buffer_size
              Amount of buffer memory to be used when reading a
              Berkeley DB hash or btree lookup table.

LICENSE
       The Secure Mailer license must be distributed with this
       software.

AUTHOR(S)
       Wietse Venema
       IBM T.J. Watson Research
       P.O. Box 704
       Yorktown Heights, NY 10598, USA
POSTQUEUE(1)                                         POSTQUEUE(1)

NAME
       postqueue - Postfix queue control

SYNOPSIS
       postqueue [-c config_dir] -f
       postqueue [-c config_dir] -p
       postqueue [-c config_dir] -s site

DESCRIPTION
       The postqueue program implements the Postfix user
       interface for queue management. It implements operations
       that are traditionally available via the sendmail(1)
       command. See the postsuper(1) command for queue operations
       that require super-user privileges such as deleting a
       message from the queue or changing the status of a
       message.

       The following options are recognized:

       -c config_dir
              The main.cf configuration file is in the named
              directory instead of the default configuration
              directory. See also the MAIL_CONFIG environment
              setting below.

       -f     Flush the queue: attempt to deliver all queued
              mail.

              This option implements the traditional sendmail -q
              command, by contacting the Postfix qmgr(8) daemon.

       -p     Produce a traditional sendmail-style queue listing.
              This option implements the traditional mailq
              command, by contacting the Postfix showq(8) daemon.

              Each queue entry shows the queue file ID, message
              size, arrival time, sender, and the recipients that
              still need to be delivered. If mail could not be
              delivered upon the last attempt, the reason for
              failure is shown. This mode of operation is
              implemented by executing the postqueue(1) command.
              The queue ID string is followed by an optional
              status character:

              *      The message is in the active queue, i.e. the
                     message is selected for delivery.

              !      The message is in the hold queue, i.e. no
                     further delivery attempt will be made until
                     the mail is taken off hold.

       -s site
              Schedule immediate delivery of all mail that is
              queued for the named site. The site must be
              eligible for the "fast flush" service. See flush(8)
              for more information about the "fast flush"
              service.

              This option implements the traditional sendmail
              -qRsite command, by contacting the Postfix flush(8)
              daemon.

       -v     Enable verbose logging for debugging purposes.
              Multiple -v options make the software increasingly
              verbose.


SECURITY
       This program is designed to run with set-group ID
       privileges, so that it can connect to Postfix daemon
       processes.

DIAGNOSTICS
       Problems are logged to syslogd(8) and to the standard
       error stream.

ENVIRONMENT
       MAIL_CONFIG
              Directory with the main.cf file.

              In order to avoid exploitation of set-group ID
              privileges, it is not possible to specify arbitrary
              directory names.

              A non-standard directory is allowed only if the
              name is listed in the standard main.cf file, in the
              alternate_config_directories configuration
              parameter value.

              Only the superuser is allowed to specify arbitrary
              directory names.

FILES
       /var/spool/postfix, mail queue
       /etc/postfix, configuration files

CONFIGURATION PARAMETERS
       import_environment
              List of names of environment parameters that can be
              imported from non-Postfix processes.

       queue_directory
              Top-level directory of the Postfix queue. This is
              also the root directory of Postfix daemons that run
              chrooted.

       fast_flush_domains
              List of domains that will receive "fast flush"
              service (default: all domains that this system is
              willing to relay mail to). This list specifies the
              domains that Postfix accepts in the SMTP ETRN
              request and in the sendmail -qR command.

SEE ALSO
       sendmail(1) sendmail-compatible user interface
       postsuper(1) privileged queue operations
       qmgr(8) queue manager
       showq(8) list mail queue
       flush(8) fast flush service

LICENSE
       The Secure Mailer license must be distributed with this
       software.

AUTHOR(S)
       Wietse Venema
       IBM T.J. Watson Research
       P.O. Box 704
       Yorktown Heights, NY 10598, USA
POSTSUPER(1)                                         POSTSUPER(1)

NAME
       postsuper - Postfix superintendent

SYNOPSIS
       postsuper [-psv] [-c config_dir] [-d queue_id]
               [-h queue_id] [-H queue_id] [-r queue_id]
               [directory ...]

DESCRIPTION
       The postsuper command does maintenance jobs on the Postfix
       queue. Use of the command is restricted to the superuser.
       See the postqueue command for unprivileged queue
       operations such as listing or flushing the mail queue.

       By default, postsuper performs the operations requested
       with the -s and -p command-line options on all Postfix
       queue directories - this includes the incoming, active and
       deferred directories with mail files and the bounce, defer
       and flush directories with log files.

       Options:

       -c config_dir
              The main.cf configuration file is in the named
              directory instead of the default configuration
              directory. See also the MAIL_CONFIG environment
              setting below.

       -d queue_id
              Delete one message with the named queue ID from the
              named mail queue(s) (default: hold, incoming,
              active and deferred). If a queue_id of - is
              specified, the program reads queue IDs from
              standard input. For example, to delete all mail
              from or to user@example.com:

                  mailq | tail +2 | awk 'BEGIN { RS = "" } \
                      / user@example\.com$/ { print $1 } \
                  ' | tr -d '*!' | postsuper -d -

              Specify -d ALL to remove all messages; for example,
              specify -d ALL deferred to delete mail in the
              deferred queue. As a safety measure, the word ALL
              must be specified in upper case.
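The listing that postqueue -p (mailq) prints is what the awk pipeline above picks queue IDs from. As an added example that is not part of Postfix, the Python below parses a constructed sendmail-style listing into records (queue ID, status character, size, arrival time, sender, recipients, reason for the last failure) and returns the IDs of all messages from or to a given address with the status character stripped, which is the same result the pipeline feeds to postsuper -d -. Parsing into records makes it easy to review which messages would be deleted before acting.

```python
import re
from dataclasses import dataclass, field

# Constructed sample of a sendmail-style listing as `postqueue -p` / mailq
# prints it (not captured from a real system): queue ID with optional status
# character, size, arrival time, sender, then one recipient per line, and the
# reason for the last failure in parentheses when delivery was deferred.
SAMPLE_MAILQ = """\
-Queue ID- --Size-- ----Arrival Time---- -Sender/Recipient-------
A1B2C3D4E5*     1234 Fri Mar 29 21:00:59  sender@example.org
                                         user@example.com

F6E5D4C3B2!     4321 Fri Mar 29 21:05:12  other@example.net
(connect to mail.example.com[192.0.2.1]: Connection refused)
                                         someone@example.net
                                         user@example.com

0F1E2D3C4B      2048 Fri Mar 29 21:07:00  user@example.com
                                         friend@example.org

-- 7 Kbytes in 3 Requests.
"""

_FIRST_LINE = re.compile(
    r"^(?P<id>\w+)(?P<status>[*!]?)\s+(?P<size>\d+)\s+"
    r"(?P<arrival>\w{3} \w{3} +\d+ \d\d:\d\d:\d\d)\s+(?P<sender>\S+)$")


@dataclass
class QueueEntry:
    queue_id: str
    status: str               # "*" active, "!" on hold, "" otherwise
    size: int
    arrival: str
    sender: str
    recipients: list = field(default_factory=list)
    reason: str = ""          # why the last delivery attempt failed, if any


def _parse_record(record):
    m = _FIRST_LINE.match(record[0])
    if not m:
        return None           # the trailing "-- N Kbytes in M Requests." summary
    entry = QueueEntry(m["id"], m["status"], int(m["size"]), m["arrival"], m["sender"])
    for line in record[1:]:
        text = line.strip()
        if text.startswith("("):
            entry.reason = text[1:-1] if text.endswith(")") else text[1:]
        else:
            entry.recipients.append(text)
    return entry


def parse_mailq(listing):
    """Split a mailq listing into QueueEntry records. Records are separated
    by blank lines, which is what `awk 'BEGIN { RS = "" }'` relies on too."""
    lines = listing.splitlines()
    if lines and lines[0].startswith("-Queue ID-"):
        lines = lines[1:]     # drop the header line, like `tail +2`
    entries, record = [], []
    for line in lines + [""]: # the sentinel flushes the last record
        if line.strip():
            record.append(line)
            continue
        if record:
            entry = _parse_record(record)
            if entry is not None:
                entries.append(entry)
            record = []
    return entries


def queue_ids_for(listing, address):
    """Queue IDs of every message from or to `address`, with the status
    character removed, which is the form `postsuper -d -` reads from stdin."""
    return [e.queue_id for e in parse_mailq(listing)
            if e.sender == address or address in e.recipients]
```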


              Postfix queue IDs are reused. There is a very
              small possibility that postsuper deletes the wrong
              message file when it is executed while the Postfix
              mail system is running.

              The scenario is as follows:

              1)     The Postfix queue manager deletes the
                     message that postsuper is supposed to
                     delete, because Postfix is finished with
                     the message.

              2)     New mail arrives, and the new message is
                     given the same queue ID as the message that
                     postsuper is supposed to delete. The
                     probability for reusing a deleted queue ID
                     is about 1 in 2**15 (the number of different
                     microsecond values that the system clock can
                     distinguish within a second).

              3)     postsuper deletes the new message, instead
                     of the old message that it should have
                     deleted.

       -h queue_id
              Put mail "on hold" so that no attempt is made to
              deliver it. Move one message with the named queue
              ID from the named mail queue(s) (default: incoming,
              active and deferred) to the hold queue. If a
              queue_id of - is specified, the program reads queue
              IDs from standard input.

              Specify -h ALL to hold all messages; for example,
              specify -h ALL deferred to hold mail in the
              deferred queue. As a safety measure, the word ALL
              must be specified in upper case.

              Note: mail that is put "on hold" will not expire
              when its time in the queue exceeds the
              maximal_queue_lifetime setting.

       -H queue_id
              Release mail that was put "on hold". Move one
              message with the named queue ID from the named mail
              queue(s) (default: hold) to the deferred queue. If
              a queue_id of - is specified, the program reads
              queue IDs from standard input.

              Specify -H ALL to release all mail that is "on
              hold". As a safety measure, the word ALL must be
              specified in upper case.

       -p     Purge old temporary files that are left over after
              system or software crashes.

       -r queue_id
              Requeue the message with the named queue ID from
              the named mail queue(s) (default: hold, incoming,
              active and deferred). To requeue multiple
              messages, specify multiple -r command-line options.
              Alternatively, if a queue_id of - is specified, the
              program reads queue IDs from standard input.

              Specify -r ALL to requeue all messages. As a safety
              measure, the word ALL must be specified in upper
              case.

              A requeued message is moved to the maildrop queue,
              from where it is copied by the pickup daemon to a
              new file whose name is guaranteed to match the new
              queue file inode number. The new queue file is
              subjected again to mail address rewriting and
              substitution. This is useful when rewriting rules
              or virtual mappings have changed.

              Postfix queue IDs are reused. There is a very
              small possibility that postsuper requeues the wrong
              message file when it is executed while the Postfix
              mail system is running, but no harm should be done.
       -s     Structure check and structure repair. It is highly
              recommended to perform this operation once before
              Postfix startup.

              o      Rename files whose name does not match the
                     message file inode number. This operation
                     is necessary after restoring a mail queue
                     from a different machine, or from backup
                     media.

              o      Move queue files that are in the wrong place
                     in the file system hierarchy and remove
                     subdirectories that are no longer needed.
                     File position rearrangements are necessary
                     after a change in the hash_queue_names
                     and/or hash_queue_depth configuration
                     parameters.

       -v     Enable verbose logging for debugging purposes.
              Multiple -v options make the software increasingly
              verbose.

DIAGNOSTICS
       Problems are reported to the standard error stream and to
       syslogd.

       postsuper reports the number of messages deleted with -d,
       the number of messages requeued with -r, and the number of
       messages whose queue file name was fixed with -s. The
       report is written to the standard error stream and to
       syslogd.

ENVIRONMENT
       MAIL_CONFIG
              Directory with the main.cf file.

BUGS
       Mail that is not sanitized by Postfix (i.e. mail in the
       maildrop queue) cannot be placed "on hold".

CONFIGURATION PARAMETERS
       See the Postfix main.cf file for syntax details and for
       default values.

       hash_queue_depth
              Number of subdirectory levels for hashed queues.

       hash_queue_names
              The names of queues that are organized into
              multiple levels of subdirectories.

SEE ALSO
       sendmail(1) sendmail-compatible user interface
       postqueue(1) unprivileged queue operations

LICENSE
       The Secure Mailer license must be distributed with this
       software.

AUTHOR(S)
       Wietse Venema
       IBM T.J. Watson Research
       P.O. Box 704
       Yorktown Heights, NY 10598, USA
Delivering Mail

Once a message has reached the incoming queue the next step is to deliver it. The figure
shows the main components of the Postfix mail delivery apparatus.


The queue manager is the heart of the Postfix mail system. It contacts the local, 
smtp, lmtp, or pipe delivery agents, and sends a delivery request with queue file 
pathname information, the message sender address, the host to deliver to if the 
destination is remote, and one or more message recipient addresses. 


The queue manager maintains a separate deferred queue for mail that cannot be 
delivered, so that a large mail backlog will not slow down normal queue accesses. 


The queue manager maintains a small active queue with just the few messages 
that it has opened for delivery. The active queue acts as a limited window on the 
potentially much larger incoming or deferred queues. The small active queue 
prevents the queue manager from running out of memory under heavy load. 


Optionally, the queue manager bounces mail for recipients that are listed in the 
relocated table. This table contains contact information for users or even entire 
domains that no longer exist. 


On request by the queue manager, the trivial-rewrite daemon resolves destinations. 
By default, it only distinguishes between local and remote destinations. Additional 
routing information can be specified with the optional transport table. 


On request by the queue manager, the bounce or defer daemon generates non- 
delivery reports when mail cannot be delivered, either due to an unrecoverable error 
or because the destination is unreachable for an extended period of time. 


The local delivery agent understands UNIX-style mailboxes, sendmail-style 
system-wide alias databases, and sendmail-style per-user .forward files. Multiple 
local delivery agents can be run in parallel, but parallel delivery to the same user is 
usually limited. 


Together with the sendmail mail posting agent, the local delivery agent implements 
the familiar Sendmail user interface. 
The local delivery agent has hooks for alternative forms of local delivery: you can
configure it to deliver to mailbox files in user home directories, and you can even
configure it to delegate mailbox delivery to an external command such as the
popular procmail program.

The virtual delivery agent is a very much stripped down version of the local delivery
agent that delivers to mailboxes only. This is the most secure Postfix delivery agent,
because it does no alias expansions and no .forward file expansions.


This delivery agent can deliver mail for multiple domains, which makes it especially 
suitable for hosting lots of small domains on a single machine. 


The SMTP client looks up a list of mail exchangers for the destination host, sorts the 
list by preference, and tries each address in turn until it finds a server that responds. 
On a busy Postfix system you will see several SMTP client processes running in 
parallel. 


The LMTP client speaks a protocol similar to SMTP. The client can connect to local 
or remote mailbox servers such as Cyrus. All the queue management is done by 
Postfix. The advantage of this setup is that one Postfix machine can feed multiple 
mailbox servers over LMTP. The opposite is true as well: one mailbox server can be 
fed over LMTP by multiple Postfix machines. 


The pipe mailer is the outbound interface to other mail transports (the sendmail 
program is the inbound interface). The Postfix mail system comes with examples for 
delivery via the UUCP protocol. At the time of writing, this venerable protocol is still 
widely used. By default, Postfix understands bang path style addresses. 
QMGR(8)                                                   QMGR(8)

NAME
       qmgr - Postfix queue manager

SYNOPSIS
       qmgr [generic Postfix daemon options]

DESCRIPTION
       The qmgr daemon awaits the arrival of incoming mail and
       arranges for its delivery via Postfix delivery processes.
       The actual mail routing strategy is delegated to the
       trivial-rewrite(8) daemon. This program expects to be run
       from the master(8) process manager.

       Mail addressed to the local double-bounce address is
       silently discarded. This stops potential loops caused by
       undeliverable bounce notifications.

MAIL QUEUES
       The qmgr daemon maintains the following queues:

       incoming
              Inbound mail from the network, or mail picked up by
              the local pickup agent from the maildrop directory.

       active Messages that the queue manager has opened for
              delivery. Only a limited number of messages is
              allowed to enter the active queue (leaky bucket
              strategy, for a fixed delivery rate).

       deferred
              Mail that could not be delivered upon the first
              attempt. The queue manager implements exponential
              backoff by doubling the time between delivery
              attempts.

       corrupt
              Unreadable or damaged queue files are moved here
              for inspection.

       hold   Messages that are kept "on hold" are kept here
              until someone sets them free.

DELIVERY STATUS REPORTS
       The qmgr daemon keeps an eye on per-message delivery
       status reports in the following directories. Each status
       report file has the same name as the corresponding message
       file:

       bounce Per-recipient status information about why mail is
              bounced. These files are maintained by the
              bounce(8) daemon.

       defer  Per-recipient status information about why mail is
              delayed. These files are maintained by the
              defer(8) daemon.

       The qmgr daemon is responsible for asking the bounce(8) or
       defer(8) daemons to send non-delivery reports.
STRATEGIES
       The queue manager implements a variety of strategies for
       either opening queue files (input) or for message delivery
       (output).

       leaky bucket
              This strategy limits the number of messages in the
              active queue and prevents the queue manager from
              running out of memory under heavy load.

       fairness
              When the active queue has room, the queue manager
              takes one message from the incoming queue and one
              from the deferred queue. This prevents a large mail
              backlog from blocking the delivery of new mail.

       slow start
              This strategy eliminates "thundering herd" problems
              by slowly adjusting the number of parallel
              deliveries to the same destination.

       round robin
              The queue manager sorts delivery requests by
              destination. Round-robin selection prevents one
              destination from dominating deliveries to other
              destinations.

       exponential backoff
              Mail that cannot be delivered upon the first
              attempt is deferred. The time interval between
              delivery attempts is doubled after each attempt.

       destination status cache
              The queue manager avoids unnecessary delivery
              attempts by maintaining a short-term, in-memory
              list of unreachable destinations.

TRIGGERS
       On an idle system, the queue manager waits for the arrival
       of trigger events, or it waits for a timer to go off. A
       trigger is a one-byte message. Depending on the message
       received, the queue manager performs one of the following
       actions (the message is followed by the symbolic constant
       used internally by the software):

       D (QMGR_REQ_SCAN_DEFERRED)
              Start a deferred queue scan. If a deferred queue
              scan is already in progress, that scan will be
              restarted as soon as it finishes.

       I (QMGR_REQ_SCAN_INCOMING)
              Start an incoming queue scan. If an incoming queue
              scan is already in progress, that scan will be
              restarted as soon as it finishes.

       A (QMGR_REQ_SCAN_ALL)
              Ignore deferred queue file time stamps. The request
              affects the next deferred queue scan.

       F (QMGR_REQ_FLUSH_DEAD)
              Purge all information about dead transports and
              destinations.

       W (TRIGGER_REQ_WAKEUP)
              Wakeup call. This is used by the master server to
              instantiate servers that should not go away
              forever. The action is to start an incoming queue
              scan.

       The qmgr daemon reads an entire buffer worth of triggers.
       Multiple identical trigger requests are collapsed into
       one, and trigger requests are sorted so that A and F
       precede D and I. Thus, in order to force a deferred queue
       run, one would request A F D; in order to notify the queue
       manager of the arrival of new mail one would request I.
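As an added example (not Postfix source), the following Python models the trigger buffer handling described in the paragraph above: duplicate trigger bytes collapse into one, A and F are ordered before D and I, and bytes that are not trigger requests are dropped. The symbolic constants are the ones listed above; ranking W together with D and I, and dropping unknown bytes, are assumptions of this model.

```python
# Trigger bytes and the symbolic constants the man page lists for them.
TRIGGER_ACTIONS = {
    "D": "QMGR_REQ_SCAN_DEFERRED",   # start a deferred queue scan
    "I": "QMGR_REQ_SCAN_INCOMING",   # start an incoming queue scan
    "A": "QMGR_REQ_SCAN_ALL",        # ignore deferred queue file time stamps
    "F": "QMGR_REQ_FLUSH_DEAD",      # forget dead transports and destinations
    "W": "TRIGGER_REQ_WAKEUP",       # wakeup call; acts like an incoming scan
}

# A and F change what the next scan does, so they must be handled before
# the D and I requests that start scans: rank 0 sorts ahead of rank 1.
# Ranking W with D and I is an assumption; the page only says that A and
# F precede D and I.
_RANK = {"A": 0, "F": 0, "D": 1, "I": 1, "W": 1}


def normalize_triggers(buffer):
    """Collapse duplicate trigger bytes and order the survivors so that A
    and F precede D and I. Bytes that are not trigger requests are dropped
    (an assumption of this model); the channel is writable by local users,
    so the parser must tolerate arbitrary input without acting on it."""
    unique = []
    for byte in buffer:
        if byte in TRIGGER_ACTIONS and byte not in unique:
            unique.append(byte)
    # list.sort is stable, so requests of equal rank keep their arrival order
    unique.sort(key=_RANK.__getitem__)
    return unique


def trigger_actions(buffer):
    """The symbolic actions qmgr would perform for a trigger buffer, in order."""
    return [TRIGGER_ACTIONS[b] for b in normalize_triggers(buffer)]
```

With this model, the buffer "DDAFD" from the text collapses to A F D, and a lone "I" stays a single incoming scan request.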


STANDARDS
       None. The qmgr daemon does not interact with the outside
       world.

SECURITY
       The qmgr daemon is not security sensitive. It reads
       single-character messages from untrusted local users, and
       thus may be susceptible to denial of service attacks. The
       qmgr daemon does not talk to the outside world, and it can
       be run at fixed low privilege in a chrooted environment.

DIAGNOSTICS
       Problems and transactions are logged to the syslog daemon.
       Corrupted message files are saved to the corrupt queue for
       further inspection.

       Depending on the setting of the notify_classes parameter,
       the postmaster is notified of bounces and of other
       trouble.

BUGS
       A single queue manager process has to compete for disk
       access with multiple front-end processes such as smtpd. A
       sudden burst of inbound mail can negatively impact
       outbound delivery rates.

CONFIGURATION PARAMETERS
       The following main.cf parameters are especially relevant
       to this program. See the Postfix main.cf file for syntax
       details and for default values. Use the postfix reload
       command after a configuration change.

   Miscellaneous
       allow_min_user
              Do not bounce recipient addresses that begin with
              `-'.

       queue_directory
              Top-level directory of the Postfix queue.

   Active queue controls
       qmgr_clog_warn_time
              Minimal delay between warnings that a specific
              destination is clogging up the active queue.
              Specify 0 to disable.

       qmgr_message_active_limit
              Limit the number of messages in the active queue.
       qmgr_message_recipient_limit
              Limit the number of in-memory recipients.

              This parameter also limits the size of the
              short-term, in-memory destination cache.

   Timing controls
       minimal_backoff_time
              Minimal time in seconds between delivery attempts
              of a deferred message.

              This parameter also limits the time an unreachable
              destination is kept in the short-term, in-memory
              destination status cache.

       maximal_backoff_time
              Maximal time in seconds between delivery attempts
              of a deferred message.

       maximal_queue_lifetime
              Maximal time in days a message is queued before it
              is sent back as undeliverable.

       queue_run_delay
              Time in seconds between deferred queue scans. Queue
              scans do not overlap.

       transport_retry_time
              Time in seconds between attempts to contact a
              broken delivery transport.
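The timing parameters above, together with the exponential backoff strategy from the STRATEGIES section, determine how often a message that keeps failing is retried before maximal_queue_lifetime runs out. The following Python is an added example, not taken from the Postfix sources, that computes that retry schedule under the simplified model stated in its docstring; the parameter values in the usage note are constructed for illustration, not Postfix defaults.

```python
def retry_schedule(minimal_backoff_time, maximal_backoff_time,
                   queue_run_delay, maximal_queue_lifetime_days):
    """Seconds after arrival at which a message that fails every delivery
    attempt would be retried, until its age exceeds the queue lifetime and
    it would be returned as undeliverable instead.

    Model (an assumption of this example, not taken from the Postfix
    sources): the first attempt is made on arrival; each later attempt is
    due one backoff interval after the previous one; the interval starts at
    minimal_backoff_time and doubles per attempt, never exceeding
    maximal_backoff_time; a deferred message is only reopened by the next
    deferred queue scan, which runs every queue_run_delay seconds."""
    lifetime = maximal_queue_lifetime_days * 24 * 60 * 60   # the page gives days
    attempts = [0]
    backoff = minimal_backoff_time
    while True:
        due = attempts[-1] + backoff
        # round the due time up to the next deferred queue scan
        next_scan = -(-due // queue_run_delay) * queue_run_delay
        if next_scan > lifetime:
            break                       # older than the lifetime: bounced, not retried
        attempts.append(next_scan)
        backoff = min(backoff * 2, maximal_backoff_time)
    return attempts
```

With minimal_backoff_time=1000, maximal_backoff_time=4000, queue_run_delay=1000 and a lifetime of one day, the model yields 23 attempts, at 0, 1000, 3000, 7000 seconds and then every 4000 seconds up to 83000. Setting minimal_backoff_time below queue_run_delay does not make the first retry earlier, because a deferred message is only reopened by a queue scan.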


   Concurrency controls
       In the text below, transport is the first field in a
       master.cf entry.

       qmgr_fudge_factor (valid range: 10..100)
              The percentage of delivery resources that a busy
              mail system will use up for delivery of a large
              mailing list message. With 100%, delivery of one
              message does not begin before the previous message
              has been delivered. This results in good
              performance for large mailing lists, but results in
              poor response time for one-to-one mail. With less
              than 100%, response time for one-to-one mail
              improves, but large mailing list delivery
              performance suffers. In the worst case, recipients
              near the beginning of a large list receive a burst
              of messages immediately, while recipients near the
              end of that list receive that same burst of
              messages a whole day later.

       initial_destination_concurrency
              Initial per-destination concurrency level for
              parallel delivery to the same destination.

       default_destination_concurrency_limit
              Default limit on the number of parallel deliveries
              to the same destination.

       transport_destination_concurrency_limit
              Limit on the number of parallel deliveries to the
              same destination, for delivery via the named
              message transport.

   Recipient controls
       default_destination_recipient_limit
              Default limit on the number of recipients per
              message transfer.

       transport_destination_recipient_limit
              Limit on the number of recipients per message
              transfer, for the named message transport.

SEE ALSO
       master(8) process manager
       syslogd(8) system logging
       trivial-rewrite(8) address routing
LOCAL(8)                                                 LOCAL(8)

NAME
       local - Postfix local mail delivery

SYNOPSIS
       local [generic Postfix daemon options]

DESCRIPTION
       The local daemon processes delivery requests from the
       Postfix queue manager to deliver mail to local recipients.
       Each delivery request specifies a queue file, a sender
       address, a domain or host to deliver to, and one or more
       recipients. This program expects to be run from the
       master(8) process manager.

       The local daemon updates queue files and marks recipients
       as finished, or it informs the queue manager that delivery
       should be tried again at a later time. Delivery problem
       reports are sent to the bounce(8) or defer(8) daemon as
       appropriate.

SYSTEM-WIDE AND USER-LEVEL ALIASING
       The system administrator can set up one or more
       system-wide sendmail-style alias databases. Users can have
       sendmail-style ~/.forward files. Mail for name is
       delivered to the alias name, to destinations in
       ~name/.forward, to the mailbox owned by the user name, or
       it is sent back as undeliverable.

       The system administrator can specify a comma/space
       separated list of ~/.forward like files through the
       forward_path configuration parameter. Upon delivery, the
       local delivery agent tries each pathname in the list until
       a file is found. The forward_path parameter is subject to
       interpolation of $user (recipient username), $home
       (recipient home directory), $shell (recipient shell),
       $recipient (complete recipient address), $extension
       (recipient address extension), $domain (recipient domain),
       $local (entire recipient address localpart) and
       $recipient_delimiter. The forms ${name?value} and
       ${name:value} expand conditionally to value when $name is
       (is not) defined. Characters that may have special meaning
       to the shell or file system are replaced by underscores.
       The list of acceptable characters is specified with the
       forward_expansion_filter configuration parameter.
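To make the interpolation and filtering rules above concrete, here is an added Python example (a model written for this page, not the local(8) implementation): it expands $name, ${name?value} and ${name:value} in a forward_path entry, replaces every character of an attribute value that is not in the filter with an underscore, and derives the attributes listed above from a recipient address. The filter string is the default value as I recall it; check postconf -d forward_expansion_filter on your own system. recipient_attributes is a constructed helper, and nested macros inside a conditional value are not expanded.

```python
import re

# Default value of forward_expansion_filter as I recall it from Postfix;
# verify with `postconf -d forward_expansion_filter` on a real system.
FORWARD_EXPANSION_FILTER = (
    "1234567890!@%-_=+:,./"
    "abcdefghijklmnopqrstuvwxyz"
    "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
)

# $name, ${name}, ${name?value} and ${name:value}
_MACRO = re.compile(r"\$(?:\{(\w+)(?:([?:])([^}]*))?\}|(\w+))")


def expand_forward_path(template, attrs, allowed=FORWARD_EXPANSION_FILTER):
    """Interpolate one forward_path entry. Attribute values come from the
    recipient address, so every character not in `allowed` is replaced by
    an underscore before it can reach the file system. Literal text in the
    template is written by the administrator and is copied unchanged.
    Nested macros inside a ${name?value} are not expanded (simplification)."""
    def substitute(m):
        name = m.group(1) or m.group(4)
        op, conditional = m.group(2), m.group(3)
        value = attrs.get(name, "")
        if op == "?":                     # defined (non-empty) -> value, else nothing
            return conditional if value else ""
        if op == ":":                     # undefined (empty) -> value, else nothing
            return "" if value else conditional
        return "".join(ch if ch in allowed else "_" for ch in value)
    return _MACRO.sub(substitute, template)


def forward_candidates(forward_path, attrs):
    """The files local(8) would try, in order, for one recipient, from a
    comma/space separated forward_path setting."""
    return [expand_forward_path(p, attrs)
            for p in re.split(r"[,\s]+", forward_path.strip()) if p]


def recipient_attributes(recipient, home, shell, delimiter="+"):
    """Build the interpolation attributes the page lists from a full
    recipient address (constructed helper, not the local(8) routine)."""
    local, _, domain = recipient.partition("@")
    user, _, extension = local.partition(delimiter)
    return {"user": user, "home": home, "shell": shell, "recipient": recipient,
            "extension": extension, "domain": domain, "local": local,
            "recipient_delimiter": delimiter}
```

For a recipient alice+a b;c@example.com and forward_path = $home/.forward$recipient_delimiter$extension, $home/.forward, the candidates become /home/alice/.forward+a_b_c and /home/alice/.forward: the space and the semicolon from the extension never reach the file system.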


An alias or ~/.forward file may list any combination of 
external commands, destination file names, :include: 
directives, or mail addresses. See aliases (5) for a pre- 
cise description. Each line in a user's .forward file has 
the same syntax as the right-hand part of an alias. 


when an address is found in its own alias expansion, 
delivery is made to the user instead. When a user is 
listed in the user's own -/.forward file, delivery is made 
to the user's mailbox instead. An empty ~/.forward file 
means do not forward mail. 


In order to prevent the mail system from using up unrea- 
sonable amounts of memory, input records read from 
:include: or from ~/.forward files are broken up into 
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chunks of length line length limit. 

While expanding aliases, ~/.forward files, and so on, the 
program attempts to avoid duplicate deliveries. The dupli- 
cate filter limit configuration parameter limits the num- 
ber of remembered recipients. 


MAIL FORWARDING 
For the sake of reliability, forwarded mail is re-submit- 
ted as a new message, so that each recipient has a sepa- 
rate on-file delivery status record. 


In order to stop mail forwarding loops early, the software 
adds an optional Delivered-To: header with the envelope 
recipient address. If mail arrives for a recipient that is 
already listed in a Delivered-To: header, the message is 
bounced. 


MATLBOX DELIVERY 
The default per-user mailbox is a file in the UNIX mail 
spool directory (/var/mail/user or /var/spool/mail/user) ; 
the location can be specified with the mail spool direc- 
tory configuration parameter. Specify a name ending in / 
for qmail-compatible maildir delivery. 


Alternatively, the per-user mailbox can be a file in the 
user's home directory with a name specified via the 
home mailbox configuration parameter. Specify a relative 
path name. Specify a name ending in / for qmail-compatible 
maildir delivery. 


Mailbox delivery can be delegated to an external command 
specified with the mailbox command configuration parame- 
ter. The command executes with the privileges of the 
recipient user (exception: in case of delivery as root, 
the command executes with the privileges of 
default privs). 


Mailbox delivery can be delegated to alternative message
transports specified in the master.cf file. The
mailbox_transport configuration parameter specifies a message
transport that is to be used for all local recipients,
regardless of whether they are found in the UNIX passwd
database. The fallback_transport parameter specifies a
message transport for recipients that are not found in the
UNIX passwd database.


In the case of UNIX-style mailbox delivery, the local daemon
prepends a "From sender time_stamp" envelope header to
each message, prepends an X-Original-To: header with the
recipient address as given to Postfix, prepends an
optional Delivered-To: header with the envelope recipient
address, prepends a Return-Path: header with the envelope
sender address, prepends a > character to lines beginning
with "From ", and appends an empty line. The mailbox is
locked for exclusive access while delivery is in progress.
In case of problems, an attempt is made to truncate the
mailbox to its original length.
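Added example, not Postfix source and not part of this man page: a Python sketch of the two behaviours just described, the Delivered-To: loop check from MAIL FORWARDING and the record layout of UNIX-style mailbox delivery. The sample message is constructed, header parsing is deliberately minimal (no MIME, continuation lines are simply joined), and the ctime-style format of the "From " time stamp is an assumption.

```python
import time

# Constructed sample message for this example; not from the page.
SAMPLE_MESSAGE = (
    "From: bob@example.test\n"
    "To: alice@example.test\n"
    "Subject: mbox escaping test\n"
    "\n"
    "From the top: a body line that starts with the mbox separator word\n"
    "second body line\n"
)


def split_message(raw):
    """Split a message into ([(name, value), ...], body) at the first empty
    line. Folded continuation lines are appended to the previous header."""
    head, _sep, body = raw.partition("\n\n")
    headers = []
    for line in head.split("\n"):
        if line[:1] in (" ", "\t") and headers:
            name, value = headers[-1]
            headers[-1] = (name, value + " " + line.strip())
        elif ":" in line:
            name, _colon, value = line.partition(":")
            headers.append((name.strip(), value.strip()))
    return headers, body


def is_forwarding_loop(headers, envelope_recipient):
    """The MAIL FORWARDING loop check: the message was already delivered to
    this envelope recipient if a Delivered-To: header names it."""
    target = envelope_recipient.lower()
    return any(name.lower() == "delivered-to" and value.lower() == target
               for name, value in headers)


def mbox_record(raw, envelope_sender, envelope_recipient, original_recipient,
                timestamp):
    """Lay out one UNIX-style mailbox record as the text describes:
    'From sender time_stamp' line, X-Original-To:, Delivered-To:,
    Return-Path:, a '>' before body lines that begin with 'From ', and a
    trailing empty line."""
    headers, body = split_message(raw)
    stamp = time.strftime("%a %b %d %H:%M:%S %Y", time.gmtime(timestamp))
    lines = [
        "From %s %s" % (envelope_sender, stamp),
        "X-Original-To: %s" % original_recipient,
        "Delivered-To: %s" % envelope_recipient,
        "Return-Path: <%s>" % envelope_sender,
    ]
    lines.extend("%s: %s" % (name, value) for name, value in headers)
    lines.append("")
    for line in body.splitlines():
        lines.append(">" + line if line.startswith("From ") else line)
    lines.append("")                     # the appended empty line
    return "\n".join(lines) + "\n"


def deliver(raw, envelope_sender, envelope_recipient, timestamp=0):
    """Return ('bounced', reason) on a forwarding loop, otherwise
    ('delivered', record) with the mailbox record that would be appended."""
    headers, _body = split_message(raw)
    if is_forwarding_loop(headers, envelope_recipient):
        return ("bounced", "mail forwarding loop for " + envelope_recipient)
    record = mbox_record(raw, envelope_sender, envelope_recipient,
                         envelope_recipient, timestamp)
    return ("delivered", record)


if __name__ == "__main__":
    print(deliver(SAMPLE_MESSAGE, "bob@example.test", "alice@example.test")[1])
    print(deliver("Delivered-To: alice@example.test\n" + SAMPLE_MESSAGE,
                  "bob@example.test", "alice@example.test"))
```

The second call in the usage block shows why the header matters for detection: a message that already carries Delivered-To: for the same envelope recipient is bounced instead of being written again, which is the only thing that stops a pair of mutually forwarding ~/.forward files.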


In the case of maildir delivery, the local daemon prepends
an optional Delivered-To: header with the final envelope
recipient address, prepends an X-Original-To: header with
the recipient address as given to Postfix, and prepends a
Return-Path: header with the envelope sender address.


EXTERNAL COMMAND DELIVERY
The allow_mail_to_commands configuration parameter
restricts delivery to external commands. The default setting
(alias, forward) forbids command destinations in
:include: files.


The command is executed directly where possible. Assistance
by the shell (/bin/sh on UNIX systems) is used only
when the command contains shell magic characters, or when
the command invokes a shell built-in command.


A limited amount of command output (standard output and
standard error) is captured for inclusion with non-delivery
status reports. A command is forcibly terminated if
it does not complete within command_time_limit seconds.
Command exit status codes are expected to follow the
conventions defined in <sysexits.h>.


A limited amount of message context is exported via
environment variables. Characters that may have special
meaning to the shell are replaced by underscores. The list of
acceptable characters is specified with the
command_expansion_filter configuration parameter.


SHELL  The recipient user's login shell.


HOME   The recipient user's home directory.


USER   The bare recipient name.


EXTENSION
The optional recipient address extension.


DOMAIN The recipient address domain part.


LOGNAME
The bare recipient name.


LOCAL  The entire recipient address localpart (text to the
left of the rightmost @ character).


RECIPIENT
The entire recipient address.


SENDER The entire sender address.


The PATH environment variable is always reset to a
system-dependent default path, and environment variables whose
names are blessed by the export_environment configuration
parameter are exported unchanged.


The current working directory is the mail queue directory. 


The local daemon prepends a "From sender time_stamp"
envelope header to each message, prepends an X-Original-To:
header with the recipient address as given to Postfix,
prepends an optional Delivered-To: header with the
recipient envelope address, prepends a Return-Path: header with
the sender envelope address, and appends no empty line.


EXTERNAL FILE DELIVERY 


The delivery format depends on the destination filename
syntax. The default is to use UNIX-style mailbox format.
Specify a name ending in / for qmail-compatible maildir
delivery.


The allow_mail_to_files configuration parameter restricts
delivery to external files. The default setting (alias,
forward) forbids file destinations in :include: files.


In the case of UNIX-style mailbox delivery, the local daemon
prepends a "From sender time_stamp" envelope header to
each message, prepends an X-Original-To: header with the
recipient address as given to Postfix, prepends an
optional Delivered-To: header with the recipient envelope
address, prepends a > character to lines beginning with
"From ", and appends an empty line. The envelope sender
address is available in the Return-Path: header. When the
destination is a regular file, it is locked for exclusive
access while delivery is in progress. In case of problems,
an attempt is made to truncate a regular file to its
original length.


In the case of maildir delivery, the local daemon prepends
an optional Delivered-To: header with the envelope recipient
address, and prepends an X-Original-To: header with
the recipient address as given to Postfix. The envelope
sender address is available in the Return-Path: header.


ADDRESS EXTENSION 
The optional recipient_delimiter configuration parameter
specifies how to separate address extensions from local
recipient names.


For example, with "recipient_delimiter = +", mail for
name+foo is delivered to the alias name+foo or to the
alias name, to the destinations listed in ~name/.forward+foo
or in ~name/.forward, to the mailbox owned by the
user name, or it is sent back as undeliverable.


In all cases the local daemon prepends an optional
'Delivered-To: name+foo' header line.
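Added example, not Postfix code: the address splitting of ADDRESS EXTENSION, the lookup order it lists, and the environment that EXTERNAL COMMAND DELIVERY describes, with every address-derived value passed through a command_expansion_filter-style character filter before export. Assumptions of the example: the split happens at the first delimiter, the filter string is the one believed to be the Postfix default (confirm with postconf -d command_expansion_filter), the reset PATH value, and the sets of shell meta characters and built-ins that needs_shell() consults.

```python
# Assumed Postfix default for command_expansion_filter; confirm on a real
# system with "postconf -d command_expansion_filter".
DEFAULT_COMMAND_EXPANSION_FILTER = (
    "1234567890!@%-_=+:,./"
    "abcdefghijklmnopqrstuvwxyz"
    "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
)

# Characters that make the local daemon hand a command to /bin/sh instead
# of executing it directly; the set is an assumption of this example.
SHELL_META = set("*?[]`$\\\"';&|<>()~{}#\n")
# Shell built-ins the example recognises (assumption, not Postfix's list).
SHELL_BUILTINS = {"cd", "eval", "exec", "exit", "export", "set", "umask", "."}


def split_localpart(address):
    """Split 'local@domain' at the rightmost '@' (the LOCAL / DOMAIN rule)."""
    if "@" in address:
        local, domain = address.rsplit("@", 1)
        return local, domain
    return address, ""


def split_extension(localpart, delimiter="+"):
    """Split 'name+foo' into ('name', 'foo') at the first delimiter
    (assumption of this example)."""
    if delimiter and delimiter in localpart:
        name, _d, extension = localpart.partition(delimiter)
        return name, extension
    return localpart, ""


def lookup_order(localpart, delimiter="+"):
    """Destinations tried for name+foo, in the order ADDRESS EXTENSION
    lists them: alias name+foo, alias name, ~name/.forward+foo,
    ~name/.forward, the user's mailbox (then a bounce)."""
    name, ext = split_extension(localpart, delimiter)
    if not ext:
        return ["alias:" + name, "~%s/.forward" % name, "mailbox:" + name]
    return [
        "alias:%s%s%s" % (name, delimiter, ext),
        "alias:" + name,
        "~%s/.forward%s%s" % (name, delimiter, ext),
        "~%s/.forward" % name,
        "mailbox:" + name,
    ]


def sanitize(value, allowed=DEFAULT_COMMAND_EXPANSION_FILTER):
    """Replace every character outside command_expansion_filter by '_'."""
    return "".join(c if c in allowed else "_" for c in value)


def command_environment(recipient, sender, home, shell,
                        allowed=DEFAULT_COMMAND_EXPANSION_FILTER,
                        default_path="/bin:/usr/bin"):
    """Environment exported to an external command. Every value derived
    from an address goes through the filter; PATH is reset, never inherited
    (the default path is system dependent; this value is assumed)."""
    local, domain = split_localpart(recipient)
    name, ext = split_extension(local)
    return {
        "SHELL": shell,
        "HOME": home,
        "USER": sanitize(name, allowed),
        "EXTENSION": sanitize(ext, allowed),
        "DOMAIN": sanitize(domain, allowed),
        "LOGNAME": sanitize(name, allowed),
        "LOCAL": sanitize(local, allowed),
        "RECIPIENT": sanitize(recipient, allowed),
        "SENDER": sanitize(sender, allowed),
        "PATH": default_path,
    }


def needs_shell(command_line):
    """True when the command would be run via /bin/sh rather than directly:
    it starts with a shell built-in or contains shell meta characters."""
    words = command_line.split()
    return (bool(words) and words[0] in SHELL_BUILTINS
            or any(c in SHELL_META for c in command_line))
```

Feed it an extension such as `id` (backticks included) and EXTENSION and LOCAL come out as _id_ and alice+_id_: the filter is what lets a mailbox_command receive untrusted address parts through the environment without the shell ever seeing them as anything but plain text.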


DELIVERY RIGHTS 

Deliveries to external files and external commands are
made with the rights of the receiving user on whose behalf
the delivery is made. In the absence of a user context,
the local daemon uses the owner rights of the :include:
file or alias database. When those files are owned by the
superuser, delivery is made with the rights specified with
the default_privs configuration parameter.


STANDARDS 
RFC 822 (ARPA Internet Text Messages) 


DIAGNOSTICS 
Problems and transactions are logged to syslogd(8).
Corrupted message files are marked so that the queue manager
can move them to the corrupt queue afterwards.


Depending on the setting of the notify_classes parameter,
the postmaster is notified of bounces and of other
trouble.
BUGS
For security reasons, the message delivery status of
external commands or of external files is never
checkpointed to file. As a result, the program may occasionally
deliver more than once to a command or external file. Better
safe than sorry.


Mutually-recursive aliases or ~/.forward files are not 
detected early. The resulting mail forwarding loop is 
broken by the use of the Delivered-To: message header. 


CONFIGURATION PARAMETERS 
The following main.cf parameters are especially relevant
to this program. See the Postfix main.cf file for syntax
details and for default values. Use the postfix reload
command after a configuration change.


Miscellaneous
alias_maps
List of alias databases.


biff   Enable or disable notification of new mail via the
comsat network service.


expand_owner_alias
When delivering to an alias that has an owner- companion
alias, set the envelope sender address to
the right-hand side of the owner alias, instead
of using the left-hand side address.


export_environment
List of names of environment parameters that can be
exported to non-Postfix processes.


forward_path
Search list for .forward files. The names are subject
to $name expansion.


local_command_shell
Shell to use for external command execution (for
example, /some/where/smrsh -c). When a shell is
specified, it is invoked even when the command contains
no shell built-in commands or meta characters.


owner_request_special
Give special treatment to owner-xxx and xxx-request
addresses.


prepend_delivered_header
Prepend an optional Delivered-To: header upon
external forwarding, delivery to command or file.
Specify zero or more of: command, file, forward.
Turning off Delivered-To: when forwarding mail is
not recommended.


recipient_delimiter
Separator between username and address extension.


require_home_directory
Require that a recipient's home directory is accessible
by the recipient before attempting delivery.
Defer delivery otherwise.


Mailbox delivery
fallback_transport
Message transport for recipients that are not found
in the UNIX passwd database. This parameter overrides
luser_relay.


Note: you must update the local_recipient_maps setting
in the main.cf file, otherwise the Postfix
SMTP server will reject mail for non-UNIX accounts
with "User unknown in local recipient table".


home_mailbox
Pathname of a mailbox relative to a user's home
directory. Specify a path ending in / for maildir-style
delivery.


luser_relay
Destination (@domain or address) for non-existent
users. The address is subjected to $name expansion.


Note: you must specify "local_recipient_maps ="
(i.e. empty) in the main.cf file, otherwise the
Postfix SMTP server will reject mail for non-UNIX
accounts with "User unknown in local recipient
table".


mail_spool_directory
Directory with UNIX-style mailboxes. The default
pathname is system dependent. Specify a path ending
in / for maildir-style delivery.


mailbox_command
External command to use for mailbox delivery. The
command executes with the recipient privileges
(exception: root). The string is subject to $name
expansions.


mailbox_command_maps
Lookup tables with per-recipient external commands
to use for mailbox delivery. Behavior is as with
mailbox_command.


mailbox_transport
Message transport to use for mailbox delivery to
all local recipients, whether or not they are found
in the UNIX passwd database. This parameter overrides
all other configuration parameters that control
mailbox delivery, including luser_relay.


Note: if you use this feature to receive mail for
non-UNIX accounts then you must update the
local_recipient_maps setting in the main.cf file,
otherwise the Postfix SMTP server will reject mail
for non-UNIX accounts with "User unknown in local
recipient table".


Locking controls
deliver_lock_attempts
Limit the number of attempts to acquire an exclusive
lock on a mailbox or external file.


deliver_lock_delay
Time in seconds between successive attempts to
acquire an exclusive lock.


stale_lock_time
Limit the time after which a stale lock is removed.


mailbox_delivery_lock
What file locking method(s) to use when delivering
to a UNIX-style mailbox. The default setting is
system dependent. For a list of available file
locking methods, use the postconf -l command.
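Added example, not Postfix code, showing how deliver_lock_attempts, deliver_lock_delay and stale_lock_time combine in a dotlock, the mailbox_delivery_lock method that creates mailbox.lock next to the mailbox. The three default values in the block are the Postfix defaults as I know them (confirm with postconf -d); run_demo() works in a temporary directory and injects a no-op sleep so the contended case does not actually wait.

```python
import os
import tempfile
import time

# Postfix defaults as assumed here: 20 attempts, 1 second apart, and a lock
# older than 500 seconds is treated as stale.
DELIVER_LOCK_ATTEMPTS = 20
DELIVER_LOCK_DELAY = 1.0
STALE_LOCK_TIME = 500.0


def acquire_dotlock(mailbox, attempts=DELIVER_LOCK_ATTEMPTS,
                    delay=DELIVER_LOCK_DELAY, stale_after=STALE_LOCK_TIME,
                    now=time.time, sleep=time.sleep):
    """Take a dotlock (mailbox + '.lock') the way the three parameters
    describe: O_EXCL creation, a bounded number of retries with a fixed
    delay, and removal of a lock file older than stale_after seconds.
    Returns the lock path; raises TimeoutError when every attempt fails."""
    lockfile = mailbox + ".lock"
    for _attempt in range(attempts):
        try:
            fd = os.open(lockfile, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
        except FileExistsError:
            try:
                age = now() - os.stat(lockfile).st_mtime
            except FileNotFoundError:
                continue            # the other writer just released it; retry
            if age > stale_after:
                try:
                    os.unlink(lockfile)   # stale lock removed, then retry
                except FileNotFoundError:
                    pass
                continue
            sleep(delay)            # deliver_lock_delay between attempts
            continue
        os.write(fd, str(os.getpid()).encode())
        os.close(fd)
        return lockfile
    raise TimeoutError("could not lock %s after %d attempts" % (mailbox, attempts))


def release_dotlock(lockfile):
    """Drop the lock once delivery (or the truncate-on-error) is finished."""
    os.unlink(lockfile)


def run_demo():
    """Exercise the three behaviours in a temporary directory and report
    which ones were observed."""
    with tempfile.TemporaryDirectory() as tmp:
        mailbox = os.path.join(tmp, "alice")
        open(mailbox, "a").close()
        lock = acquire_dotlock(mailbox)
        held = os.path.exists(lock)
        try:                                   # a second writer is refused
            acquire_dotlock(mailbox, attempts=3, delay=0, sleep=lambda _s: None)
            refused = False
        except TimeoutError:
            refused = True
        old = time.time() - 2 * STALE_LOCK_TIME  # age the lock past stale_after
        os.utime(lock, (old, old))
        lock2 = acquire_dotlock(mailbox, attempts=3, delay=0, sleep=lambda _s: None)
        recovered = lock2 == lock and os.path.exists(lock2)
        release_dotlock(lock2)
        return {"held": held, "refused": refused, "stale_recovered": recovered}


if __name__ == "__main__":
    print(run_demo())
```

The stale-lock branch is the one to read twice: it is what keeps a crashed delivery agent from blocking a mailbox forever, and it is also why stale_lock_time must be longer than any legitimate delivery can take, otherwise a slow but live writer loses its lock and the mailbox can be corrupted.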


Resource controls
command_time_limit
Limit the amount of time for delivery to external
command.


duplicate_filter_limit
Limit the size of the duplicate filter for results
from alias etc. expansion.


line_length_limit
Limit the amount of memory used for processing a
partial input line.


local_destination_concurrency_limit
Limit the number of parallel deliveries to the same
user. The default limit is taken from the
default_destination_concurrency_limit parameter.


local_destination_recipient_limit
Limit the number of recipients per message delivery.
The default limit is taken from the
default_destination_recipient_limit parameter.


mailbox_size_limit
Limit the size of a mailbox etc. file (any file
that is written to upon delivery). Set to zero to
disable the limit.


Security controls
allow_mail_to_commands
Restrict the usage of mail delivery to external
command. Specify zero or more of: alias, forward,
include.


allow_mail_to_files
Restrict the usage of mail delivery to external
file. Specify zero or more of: alias, forward,
include.


command_expansion_filter
What characters are allowed to appear in $name
expansions of mailbox_command. Illegal characters
are replaced by underscores.


default_privs
Default rights for delivery to external file or
command.


forward_expansion_filter
What characters are allowed to appear in $name
expansions of forward_path. Illegal characters are
replaced by underscores.


HISTORY 
The Delivered-To: header appears in the qmail system by 
Daniel Bernstein. 
The maildir structure appears in the qmail system by
Daniel Bernstein.


SMTP(8) SMTP(8) 
NAME 

smtp - Postfix remote delivery via SMTP 
SYNOPSIS 


smtp [generic Postfix daemon options] 


DESCRIPTION 


The SMTP client processes message delivery requests from
the queue manager. Each request specifies a queue file, a
sender address, a domain or host to deliver to, and
recipient information. This program expects to be run from the
master(8) process manager.


The SMTP client updates the queue file and marks recipi- 
ents as finished, or it informs the queue manager that 
delivery should be tried again at a later time. Delivery 
problem reports are sent to the bounce(8) or defer(8) dae- 
mon as appropriate. 


The SMTP client looks up a list of mail exchanger
addresses for the destination host, sorts the list by
preference, and connects to each listed address until it
finds a server that responds.


When the domain or host is specified as a comma/whitespace 
separated list, the SMTP client repeats the above process 
for all destinations until it finds a server that 
responds. 


Once the SMTP client has received the server greeting ban- 
ner, no error will cause it to proceed to the next address 
on the mail exchanger list. Instead, the message is either 
bounced, or its delivery is deferred until later. 
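Added example, not Postfix code: the exchanger selection the last three paragraphs describe, together with the loop truncation that the inet_interfaces and proxy_interfaces parameters in CONFIGURATION PARAMETERS explain (only exchangers with a strictly better preference than this machine are kept; an empty list is the best_mx_transport "mailer loop" case). The MX data is constructed, and responds() stands in for the TCP connect plus greeting banner.

```python
# Constructed MX data for the example; not from the page.
MX_RECORDS = [
    (20, "mx2.example.test", "192.0.2.20"),
    (10, "mx1.example.test", "192.0.2.10"),
    (30, "mx3.example.test", "192.0.2.30"),
]
LOOP = "mailer loop"
DEFER = "deferred"


def order_mail_exchangers(records, local_addresses):
    """Sort (preference, host, address) records by preference. When one of
    them is this machine (an inet_interfaces / proxy_interfaces address),
    keep only the exchangers with a strictly better preference; an empty
    result means this host is itself the best MX."""
    ordered = sorted(records, key=lambda rec: rec[0])
    for pref, _host, addr in ordered:
        if addr in local_addresses:
            return [rec for rec in ordered if rec[0] < pref]
    return ordered


def plan_delivery(records, local_addresses, responds):
    """Connect to each address in order until one answers. responds(addr)
    models the TCP connect plus greeting banner; the text says that once
    a banner has been received the client no longer moves to the next
    address, which is why only the connect phase iterates here."""
    candidates = order_mail_exchangers(records, local_addresses)
    if not candidates and any(a in local_addresses for _p, _h, a in records):
        return LOOP                 # bounced unless best_mx_transport is set
    for _pref, _host, addr in candidates:
        if responds(addr):
            return addr
    return DEFER                    # no server responded: try again later


if __name__ == "__main__":
    print(plan_delivery(MX_RECORDS, set(), lambda a: a != "192.0.2.10"))
    print(plan_delivery(MX_RECORDS, {"192.0.2.10"}, lambda a: True))
```

Equal preferences are kept in stable order here; a real resolver shuffles them. The truncation rule is the defensive point: without it, a domain whose best MX is this very host would have its mail relayed back to itself through a lower-preference exchanger.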


SECURITY 


The SMTP client is moderately security-sensitive. It talks 
to SMTP servers and to DNS servers on the network. The 
SMTP client can be run chrooted at fixed low privilege. 


STANDARDS 
RFC 821 (SMTP protocol) 
RFC 822 (ARPA Internet Text Messages) 
RFC 1651 (SMTP service extensions) 
RFC 1652 (8bit-MIME transport) 
RFC 1870 (Message Size Declaration)
RFC 2045 (MIME: Format of Internet Message Bodies) 
RFC 2046 (MIME: Media Types) 
RFC 2554 (AUTH command) 
RFC 2821 (SMTP protocol) 
RFC 2920 (SMTP Pipelining) 
DIAGNOSTICS 
Problems and transactions are logged to syslogd(8).
Corrupted message files are marked so that the queue manager
can move them to the corrupt queue for further inspection.


Depending on the setting of the notify_classes parameter,
the postmaster is notified of bounces, protocol problems,
and of other trouble.


BUGS


CONFIGURATION PARAMETERS
The following main.cf parameters are especially relevant
to this program. See the Postfix main.cf file for syntax
details and for default values. Use the postfix reload
command after a configuration change.


Miscellaneous
best_mx_transport
Name of the delivery transport to use when the
local machine is the most-preferred mail exchanger
(by default, a mailer loop is reported, and the
message is bounced).


debug_peer_level
Verbose logging level increment for hosts that
match a pattern in the debug_peer_list parameter.


debug_peer_list
List of domain or network patterns. When a remote
host matches a pattern, increase the verbose logging
level by the amount specified in the
debug_peer_level parameter.


disable_dns_lookups
Disable DNS lookups. This means that mail must be
forwarded via a smart relay host.


error_notice_recipient
Recipient of protocol/policy/resource/software
error notices.


fallback_relay
Hosts to hand off mail to if a message destination
is not found or if a destination is unreachable.


ignore_mx_lookup_error
When a name server fails to respond to an MX query,
search for an A record instead of deferring mail
delivery.


inet_interfaces
The network interface addresses that this mail system
receives mail on. When any of those addresses
appears in the list of mail exchangers for a remote
destination, the list is truncated to avoid mail
delivery loops. See also the proxy_interfaces
parameter.


notify_classes
When this parameter includes the protocol class,
send mail to the postmaster with transcripts of
SMTP sessions with protocol errors.


proxy_interfaces
Network interfaces that this mail system receives
mail on by way of a proxy or network address translator.
When any of those addresses appears in the
list of mail exchangers for a remote destination,
the list is truncated to avoid mail delivery loops.
See also the inet_interfaces parameter.


smtp_always_send_ehlo
Always send EHLO at the start of a connection.


smtp_never_send_ehlo
Never send EHLO at the start of a connection.


smtp_bind_address
Numerical source network address to bind to when
making a connection.


smtp_line_length_limit
Length limit for SMTP message content lines. Zero
means no limit. Some SMTP servers misbehave on
long lines.


smtp_helo_name
The hostname to be used in HELO and EHLO commands.


smtp_skip_4xx_greeting
Skip servers that greet us with a 4xx status code.


smtp_skip_5xx_greeting
Skip servers that greet us with a 5xx status code.


smtp_skip_quit_response
Do not wait for the server response after sending
QUIT.


smtp_pix_workaround_delay_time
The time to pause before sending .<CR><LF>, while
working around the CISCO PIX firewall
<CR><LF>.<CR><LF> bug.


smtp_pix_workaround_threshold_time
The time a message must be queued before the CISCO
PIX firewall <CR><LF>.<CR><LF> bug workaround is
turned on.


MIME Conversion
disable_mime_output_conversion
Disable the conversion of 8BITMIME format to 7BIT
format when the remote system does not advertise
8BITMIME support.


mime_boundary_length_limit
The amount of space that will be allocated for MIME
multipart boundary strings. The MIME processor is
unable to distinguish between boundary strings that
do not differ in the first $mime_boundary_length_limit
characters.


mime_nesting_limit
The maximal nesting level of multipart mail that
the MIME processor can handle. Refuse mail that is
nested deeper, when converting from 8BITMIME format
to 7BIT format.


Authentication controls
smtp_sasl_auth_enable
Enable per-session authentication as per RFC 2554
(SASL). By default, Postfix is built without SASL
support.


smtp_sasl_password_maps
Lookup tables with per-host or domain name:password
entries. No entry for a host means no attempt to
authenticate.


smtp_sasl_security_options
Zero or more of the following.


noplaintext 
Disallow authentication methods that use 
plaintext passwords. 


noactive 
Disallow authentication methods that are 
vulnerable to non-dictionary active attacks. 


nodictionary 
Disallow authentication methods that are 
vulnerable to passive dictionary attack. 


noanonymous 
Disallow anonymous logins. 


Resource controls
smtp_destination_concurrency_limit
Limit the number of parallel deliveries to the same
destination. The default limit is taken from the
default_destination_concurrency_limit parameter.


smtp_destination_recipient_limit
Limit the number of recipients per message delivery.
The default limit is taken from the
default_destination_recipient_limit parameter.


Timeout controls
The default time unit is seconds; an explicit time unit
can be specified by appending a one-letter suffix to the
value: s (seconds), m (minutes), h (hours), d (days) or w
(weeks).


smtp_connect_timeout
Timeout for completing a TCP connection. When no
connection can be made within the deadline, the
SMTP client tries the next address on the mail
exchanger list.


smtp_helo_timeout
Timeout for receiving the SMTP greeting banner.
When the server drops the connection without sending
a greeting banner, or when it sends no greeting
banner within the deadline, the SMTP client tries
the next address on the mail exchanger list.


smtp_helo_timeout
Timeout for sending the HELO command, and for
receiving the server response.


smtp_mail_timeout
Timeout for sending the MAIL FROM command, and for
receiving the server response.


smtp_rcpt_timeout
Timeout for sending the RCPT TO command, and for
receiving the server response.


smtp_data_init_timeout
Timeout for sending the DATA command, and for
receiving the server response.


smtp_data_xfer_timeout
Timeout for sending the message content.


smtp_data_done_timeout
Timeout for sending the "." command, and for
receiving the server response. When no response is
received, a warning is logged that the mail may be
delivered multiple times.


smtp_quit_timeout
Timeout for sending the QUIT command, and for
receiving the server response.


SEE ALSO
bounce(8) non-delivery status reports
master(8) process manager
qmgr(8) queue manager
syslogd(8) system logging
LMTP(8) LMTP(8)
NAME

lmtp - Postfix local delivery via LMTP
SYNOPSIS


lmtp [generic Postfix daemon options]


DESCRIPTION
The LMTP client processes message delivery requests from
the queue manager. Each request specifies a queue file, a
sender address, a domain or host to deliver to, and
recipient information. This program expects to be run from the
master(8) process manager.


The LMTP client updates the queue file and marks recipients
as finished, or it informs the queue manager that
delivery should be tried again at a later time. Delivery
problem reports are sent to the bounce(8) or defer(8) daemon
as appropriate.


The LMTP client connects to the destination specified in
the message delivery request. The destination, usually
specified in the Postfix transport(5) table, has the form:


unix:pathname
Connect to the local UNIX-domain server that is
bound to the specified pathname. If the process
runs chrooted, an absolute pathname is interpreted
relative to the changed root directory.


inet:host, inet:host:port (symbolic host)


inet:[addr], inet:[addr]:port (numeric host)
Connect to the specified IPV4 TCP port on the
specified local or remote host. If no port is specified,
connect to the port defined as lmtp in services(4).
If no such service is found, the
lmtp_tcp_port configuration parameter (default
value of 24) will be used.
The LMTP client does not perform MX (mail
exchanger) lookups since those are defined only for
mail delivery via SMTP.


If neither unix: nor inet: are specified, inet: is
assumed.
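Added example, not Postfix code: a parser for the destination syntax just listed (unix:pathname, inet:host, inet:host:port, inet:[addr], inet:[addr]:port, and the bare form that defaults to inet:), including the services(4) lookup with the lmtp_tcp_port fallback and the chroot rule for absolute UNIX-domain paths. The services table is a constructed stand-in for socket.getservbyname(), and all destination strings in the test are constructed.

```python
import os

DEFAULT_LMTP_TCP_PORT = 24   # the lmtp_tcp_port default named in the text

# Constructed stand-in for services(4); a real client would call
# socket.getservbyname(). It deliberately has no "lmtp" entry so that the
# lmtp_tcp_port fallback is exercised.
SERVICES = {"smtp": 25}


def parse_lmtp_destination(destination, chroot=None, services=SERVICES,
                           lmtp_tcp_port=DEFAULT_LMTP_TCP_PORT):
    """Parse a transport(5)-style LMTP next-hop into
    ('unix', pathname) or ('inet', host, port)."""
    if destination.startswith("unix:"):
        path = destination[len("unix:"):]
        if not path:
            raise ValueError("unix: destination needs a pathname")
        if chroot and os.path.isabs(path):
            # An absolute path is interpreted relative to the changed root;
            # this models, from outside the chroot, where it really points.
            path = os.path.join(chroot, path.lstrip("/"))
        return ("unix", path)

    # "inet:" is optional; a bare host[:port] means inet:.
    spec = destination[len("inet:"):] if destination.startswith("inet:") else destination
    if spec.startswith("["):                      # numeric host, in brackets
        close = spec.find("]")
        if close < 0:
            raise ValueError("missing ']' in " + destination)
        host, rest = spec[1:close], spec[close + 1:]
        if rest and not rest.startswith(":"):
            raise ValueError("junk after ']' in " + destination)
        port = rest[1:]
    else:                                          # symbolic host
        host, _colon, port = spec.partition(":")
    if not host:
        raise ValueError("empty host in " + destination)

    if port == "":
        port_number = services.get("lmtp", lmtp_tcp_port)   # services(4), then fallback
    elif port.isdigit():
        port_number = int(port)
    elif port in services:
        port_number = services[port]
    else:
        raise ValueError("unknown port " + port)
    # No MX lookup for LMTP: the host is used exactly as given.
    return ("inet", host, port_number)


if __name__ == "__main__":
    for dest in ("unix:/var/run/lmtp.sock", "inet:[127.0.0.1]:2003",
                 "mailstore.example.test"):
        print(dest, "->", parse_lmtp_destination(dest))
```

The bracket check matters for the numeric form: without it, a next-hop such as [127.0.0.1]x:2003 would silently be accepted with a wrong host, which is the kind of transport-table typo that ends up delivering to an unintended server.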

SECURITY
The LMTP client is moderately security-sensitive. It talks
to LMTP servers and to DNS servers on the network. The
LMTP client can be run chrooted at fixed low privilege.


STANDARDS
RFC 821 (SMTP protocol)
RFC 1651 (SMTP service extensions)
RFC 1652 (8bit-MIME transport)
RFC 1870 (Message Size Declaration)
RFC 2033 (LMTP protocol)
RFC 2554 (AUTH command)
RFC 2821 (SMTP protocol)
RFC 2920 (SMTP Pipelining)


DIAGNOSTICS
Problems and transactions are logged to syslogd(8).
Corrupted message files are marked so that the queue manager
can move them to the corrupt queue for further inspection.


Depending on the setting of the notify_classes parameter,
the postmaster is notified of bounces, protocol problems,
and of other trouble.


BUGS 


CONFIGURATION PARAMETERS
The following main.cf parameters are especially relevant
to this program. See the Postfix main.cf file for syntax
details and for default values. Use the postfix reload
command after a configuration change.


Miscellaneous
debug_peer_level
Verbose logging level increment for hosts that
match a pattern in the debug_peer_list parameter.


debug_peer_list
List of domain or network patterns. When a remote
host matches a pattern, increase the verbose logging
level by the amount specified in the
debug_peer_level parameter.


error_notice_recipient
Recipient of protocol/policy/resource/software
error notices.


notify_classes
When this parameter includes the protocol class,
send mail to the postmaster with transcripts of
LMTP sessions with protocol errors.


lmtp_skip_quit_response
Do not wait for the server response after sending
QUIT.


lmtp_tcp_port
The TCP port to be used when connecting to a LMTP
server. Used as backup if the lmtp service is not
found in services(4).


Authentication controls
lmtp_sasl_auth_enable
Enable per-session authentication as per RFC 2554
(SASL). By default, Postfix is built without SASL
support.


lmtp_sasl_password_maps
Lookup tables with per-host or domain name:password
entries. No entry for a host means no attempt to
authenticate.


lmtp_sasl_security_options
Zero or more of the following.


noplaintext
Disallow authentication methods that use
plaintext passwords.


noactive 
Disallow authentication methods that are 
vulnerable to non-dictionary active attacks. 


nodictionary 
Disallow authentication methods that are 
vulnerable to passive dictionary attack. 


noanonymous 
Disallow anonymous logins. 
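Added example, not Postfix code, for the four option keywords that both smtp_sasl_security_options (in SMTP(8) above) and lmtp_sasl_security_options accept: it takes the AUTH mechanisms a server advertises in its EHLO/LHLO reply and keeps only those the option set permits. The per-mechanism weakness table is modelled on the property bits that Cyrus SASL plugins declare and is an assumption of this example, as is the constructed EHLO response; verify the table against the SASL library you actually link.

```python
# Security weaknesses per mechanism, modelled on Cyrus SASL plugin property
# bits (a mechanism that does not declare NOPLAINTEXT is "plaintext", one
# that does not declare NODICTIONARY is "dictionary", and so on). This table
# is an assumption of the example, not something the man page states.
MECHANISM_WEAKNESSES = {
    "PLAIN":      {"plaintext", "active", "dictionary"},
    "LOGIN":      {"plaintext", "active", "dictionary"},
    "CRAM-MD5":   {"active", "dictionary"},
    "DIGEST-MD5": {"active", "dictionary"},
    "ANONYMOUS":  {"anonymous"},
    "GSSAPI":     set(),
}

# Option keyword -> weakness it forbids.
OPTION_EXCLUDES = {
    "noplaintext": "plaintext",
    "noactive": "active",
    "nodictionary": "dictionary",
    "noanonymous": "anonymous",
}

# Constructed EHLO response; not from the page.
EHLO_RESPONSE = [
    "250-mail.example.test",
    "250-PIPELINING",
    "250-AUTH PLAIN LOGIN CRAM-MD5 DIGEST-MD5 GSSAPI ANONYMOUS",
    "250 8BITMIME",
]


def advertised_mechanisms(ehlo_lines):
    """Pull the mechanism names out of the server's AUTH capability line(s);
    both the 'AUTH ' and the older 'AUTH=' spellings are accepted."""
    mechs = []
    for line in ehlo_lines:
        body = line[4:] if line[:4] in ("250-", "250 ") else ""
        if body.upper().startswith("AUTH ") or body.upper().startswith("AUTH="):
            mechs.extend(body[5:].upper().split())
    return mechs


def usable_mechanisms(advertised, security_options):
    """Filter the advertised list by a security_options string such as
    'noplaintext, noanonymous'. Unknown mechanisms are dropped (nothing
    is known about their weaknesses); unknown options are an error."""
    options = {o for o in security_options.replace(",", " ").split()}
    unknown = options - set(OPTION_EXCLUDES)
    if unknown:
        raise ValueError("unknown security option(s): " + ", ".join(sorted(unknown)))
    excluded = {OPTION_EXCLUDES[o] for o in options}
    return [m for m in advertised
            if m in MECHANISM_WEAKNESSES
            and not (MECHANISM_WEAKNESSES[m] & excluded)]


if __name__ == "__main__":
    offered = advertised_mechanisms(EHLO_RESPONSE)
    print(offered)
    print(usable_mechanisms(offered, "noplaintext, noanonymous"))
    print(usable_mechanisms(offered, "noplaintext, noactive, nodictionary, noanonymous"))
```

With noplaintext set, a client that has not negotiated TLS simply cannot be talked into sending a password in the clear, whatever the server advertises; with nodictionary added as well, only a mechanism such as GSSAPI survives, and a server offering nothing better gets no authentication attempt at all rather than a weak one.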


Resource controls
lmtp_cache_connection
Should we cache the connection to the LMTP server?
The effectiveness of cached connections will be
determined by the number of LMTP servers in use,
and the concurrency limit specified for the LMTP
client. Cached connections are closed under any of
the following conditions:


o The LMTP client idle time limit is reached.
This limit is specified with the Postfix
max_idle configuration parameter.


o A delivery request specifies a different
destination than the one currently cached.


o The per-process limit on the number of
delivery requests is reached. This limit is
specified with the Postfix max_use configuration
parameter.


o Upon the onset of another delivery request,
the LMTP server associated with the current
session does not respond to the RSET command.


transport_destination_concurrency_limit
Limit the number of parallel deliveries to the same
destination via this mail delivery transport.
transport is the name of the service as specified
in the master.cf file. The default limit is taken
from the default_destination_concurrency_limit
parameter.


transport_destination_recipient_limit
Limit the number of recipients per message delivery
via this mail delivery transport. transport is the
name of the service as specified in the master.cf
file. The default limit is taken from the
default_destination_recipient_limit parameter.


This parameter becomes significant if the LMTP
client is used for local delivery. Some LMTP
servers can optimize delivery of the same message
to multiple recipients. The default limit for local
mail delivery is 1.


Setting this parameter to 0 will lead to an
unbounded number of recipients per delivery. However,
this could be risky since it may make the
machine vulnerable to running out of resources if
messages are encountered with an inordinate number
of recipients. Exercise care when setting this
parameter.
Timeout controls
The default time unit is seconds; an explicit time unit 
can be specified by appending a one-letter suffix to the 
value: s (seconds), m (minutes), h (hours), d (days) or w 
(weeks). 


lmtp_connect_timeout
Timeout for opening a connection to the LMTP
server. If no connection can be made within the
deadline, the message is deferred.


lmtp_lhlo_timeout
Timeout for sending the LHLO command, and for
receiving the server response.


lmtp_mail_timeout
Timeout for sending the MAIL FROM command, and for
receiving the server response.


lmtp_rcpt_timeout
Timeout for sending the RCPT TO command, and for
receiving the server response.


lmtp_data_init_timeout
Timeout for sending the DATA command, and for
receiving the server response.


lmtp_data_xfer_timeout
Timeout for sending the message content.


lmtp_data_done_timeout
Timeout for sending the "." command, and for
receiving the server response. When no response is
received, a warning is logged that the mail may be
delivered multiple times.


lmtp_rset_timeout
Timeout for sending the RSET command, and for
receiving the server response.


lmtp_quit_timeout
Timeout for sending the QUIT command, and for
receiving the server response.


SEE ALSO
bounce(8) non-delivery status reports
local(8) local mail delivery
master(8) process manager
qmgr(8) queue manager
services(4) Internet services and aliases
spawn(8) auxiliary command spawner
syslogd(8) system logging


LICENSE 
The Secure Mailer license must be distributed with this 
software. 

AUTHOR(S)


Wietse Venema


PIPE(8) PIPE(8)
NAME 

pipe - Postfix delivery to external command 
SYNOPSIS 


pipe [generic Postfix daemon options] command_attributes... 


DESCRIPTION 
The pipe daemon processes requests from the Postfix queue 
manager to deliver messages to external commands. This 
program expects to be run from the master(8) process man- 
ager. 
Message attributes such as sender address, recipient
address and next-hop host name can be specified as
command-line macros that are expanded before the external
command is executed.


The pipe daemon updates queue files and marks recipients
as finished, or it informs the queue manager that delivery
should be tried again at a later time. Delivery problem
reports are sent to the bounce(8) or defer(8) daemon as
appropriate.


SINGLE-RECIPIENT DELIVERY
Some external commands cannot handle more than one recipient
per delivery request. Examples of such transports are
pagers, fax machines, and so on.


To prevent Postfix from sending multiple recipients per
delivery request, specify


transport_destination_recipient_limit = 1


in the Postfix main.cf file, where transport is the name
in the first column of the Postfix master.cf entry for the
pipe-based delivery transport.


COMMAND ATTRIBUTE SYNTAX
The external command attributes are given in the master.cf
file at the end of a service definition. The syntax is as
follows:


flags=BDFORhqu.> (optional)
Optional message processing flags. By default, a
message is copied unchanged.


B Append a blank line at the end of each message.
This is required by some mail user
agents that recognize "From " lines only
when preceded by a blank line.

D Prepend a "Delivered-To: recipient" message
header with the envelope recipient address.
Note: for this to work, the
transport_destination_recipient_limit must be 1.


F Prepend a "From sender time_stamp" envelope
header to the message content. This is
expected by, for example, UUCP software.


O Prepend an "X-Original-To: recipient" message
header with the recipient address as
given to Postfix. Note: for this to work,
the transport_destination_recipient_limit
must be 1.


R Prepend a Return-Path: message header with
the envelope sender address.


h Fold the command-line $recipient domain name 
and $nexthop host name to lower case. This 
is recommended for delivery via UUCP. 


q Quote white space and other special charac- 
ters in the command-line $sender and $recip- 
ient address localparts (text to the left of 
the right-most @ character), according to an 
8-bit transparent version of RFC 822. This 
is recommended for delivery via UUCP or 
BSMTP. 


The result is compatible with the address 
parsing of command-lin recipients by the 
Postfix sendmail mail submission command. 


The q flag affects only entire addresses, 
not the partial address information from the 
Suser, Sextension or Smailbox command-line 
macros. 


u Fold the command-line $recipient address 
localpart (text to the left of the right- 
most @ character) to lower case. This is 
recommended for delivery via UUCP. 


Prepend . to lines starting with ".". This 
is needed by, for example, BSMTP software. 


> Prepend > to lines starting with "From ". 
This is expected by, for example, UUCP soft- 
ware. 


user=username (required)
user=username:groupname
The external command is executed with the rights of the specified username. The software refuses to execute commands with root privileges, or with the privileges of the mail system owner. If groupname is specified, the corresponding group ID is used instead of the group ID of username.


eol=string (optional, default: \n)
The output record delimiter. Typically one would use either \r\n or \n. The usual C-style backslash escape sequences are recognized: \a \b \f \n \r \t \v \octal and \\.

size=size_limit (optional)
Messages greater in size than this limit (in bytes) will be bounced back to the sender.

argv=command... (required)
The command to be executed. This must be specified as the last command attribute. The command is executed directly, i.e. without interpretation of shell meta characters by a shell command interpreter.


In the command argument vector, the following macros are recognized and replaced with corresponding information from the Postfix queue manager delivery request:

${extension}
This macro expands to the extension part of a recipient address. For example, with an address user+foo@domain the extension is foo.

A command-line argument that contains ${extension} expands into as many command-line arguments as there are recipients.

This information is modified by the u flag for case folding.

${mailbox}
This macro expands to the complete local part of a recipient address. For example, with an address user+foo@domain the mailbox is user+foo.

A command-line argument that contains ${mailbox} expands into as many command-line arguments as there are recipients.

This information is modified by the u flag for case folding.

${nexthop}
This macro expands to the next-hop hostname. This information is modified by the h flag for case folding.

${recipient}
This macro expands to the complete recipient address.

A command-line argument that contains ${recipient} expands into as many command-line arguments as there are recipients.

This information is modified by the hqu flags for quoting and case folding.

${sender}
This macro expands to the envelope sender address.

This information is modified by the q flag for quoting.

${size}
This macro expands to Postfix's idea of the message size, which is an approximation of the size of the message as delivered.

${user}
This macro expands to the username part of a recipient address. For example, with an address user+foo@domain the username part is user.

A command-line argument that contains ${user} expands into as many command-line arguments as there are recipients.

This information is modified by the u flag for case folding.

In addition to the form ${name}, the forms $name and $(name) are also recognized. Specify $$ where a single $ is wanted.
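The macro rules above are easiest to understand when you can see the argument vector that pipe(8) actually hands to the external command. The following Python model is an added example, not Postfix code: it expands ${name}, $name, $(name) and $$ the way the man page describes, repeats an argument once per recipient when it contains a per-recipient macro, and applies the h, q and u flags. The function names (expand_argv, quote_localpart, split_address) are chosen here, recipient_delimiter="+" is assumed as in the man page's user+foo example, and the quoted-string form produced for the q flag is an approximation of Postfix's RFC 822 quoting. Note that because argv is executed without a shell, a localpart such as "mail list" stays a single argument; the q flag matters only when the receiving program re-parses addresses itself.

```python
import re

# Added illustration (not Postfix code): a Python model of how pipe(8) turns
# the argv= attribute into the real argument vector of the external command.
# expand_argv, quote_localpart and split_address are names chosen here;
# recipient_delimiter="+" is assumed, as in the man page's user+foo example.

PER_RECIPIENT = ("user", "extension", "mailbox", "recipient")
ATOM_CHARS = re.compile(r"^[A-Za-z0-9!#$%&'*+/=?^_`{|}~.-]+$")
MACRO = re.compile(r"\$(?:\{(\w+)\}|\((\w+)\)|(\w+)|(\$))")


def quote_localpart(localpart):
    """Approximation of the q flag: wrap a localpart that contains white
    space or other non-atom characters in an RFC 822 quoted-string."""
    if ATOM_CHARS.match(localpart):
        return localpart
    return '"' + localpart.replace("\\", "\\\\").replace('"', '\\"') + '"'


def split_address(addr):
    """Split at the right-most '@', as pipe(8) does for the localpart."""
    localpart, sep, domain = addr.rpartition("@")
    return (localpart, domain) if sep else (addr, "")


def expand_argv(argv, sender, recipients, nexthop, size, flags="",
                recipient_delimiter="+"):
    """Expand ${name}, $name, $(name) and $$ in argv for one delivery request.
    Arguments that mention a per-recipient macro are repeated once per
    recipient; h/q/u adjust case folding and quoting as the man page states."""

    def per_recipient(name, rcpt):
        localpart, domain = split_address(rcpt)
        user, _, ext = localpart.partition(recipient_delimiter)
        if "u" in flags:
            user, ext, localpart = user.lower(), ext.lower(), localpart.lower()
        if "h" in flags:
            domain = domain.lower()
        if name == "user":
            return user
        if name == "extension":
            return ext
        if name == "mailbox":
            return localpart
        lp = quote_localpart(localpart) if "q" in flags else localpart   # recipient
        return lp + ("@" + domain if domain else "")

    def single(name):
        if name == "sender":
            lp, domain = split_address(sender)
            lp = quote_localpart(lp) if "q" in flags else lp
            return lp + ("@" + domain if domain else "")
        if name == "nexthop":
            return nexthop.lower() if "h" in flags else nexthop
        if name == "size":
            return str(size)
        raise KeyError("unknown pipe(8) macro: " + name)

    def substitute(arg, rcpt):
        def repl(m):
            if m.group(4):                       # $$ -> literal $
                return "$"
            name = m.group(1) or m.group(2) or m.group(3)
            if name in PER_RECIPIENT:
                return per_recipient(name, rcpt)
            return single(name)
        return MACRO.sub(repl, arg)

    out = []
    for arg in argv:
        names = {m.group(1) or m.group(2) or m.group(3) for m in MACRO.finditer(arg)}
        if names & set(PER_RECIPIENT):
            out.extend(substitute(arg, r) for r in recipients)   # one arg per recipient
        else:
            out.append(substitute(arg, None))
    return out


if __name__ == "__main__":
    # Constructed delivery request: two recipients, mixed case, one localpart
    # containing a space. flags=hqu folds and quotes as described above.
    argv = ["/usr/local/bin/deliver", "-f", "${sender}", "-s", "$size",
            "-h", "$(nexthop)", "--", "${user}", "${recipient}"]
    for a in expand_argv(argv, "Alice@Example.COM",
                         ["Pierre+Kurs@Localhost.Linux.Local", "mail list@example.org"],
                         "Localhost.Linux.Local", 468, flags="hqu"):
        print(repr(a))
```

Running it shows ${user} and ${recipient} each expanding into two arguments, the h flag folding only the recipient domain and $nexthop (the sender keeps its case), and the q flag quoting only the address whose localpart is not a plain atom.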


DIAGNOSTICS
Command exit status codes are expected to follow the conventions defined in <sysexits.h>.

Problems and transactions are logged to syslogd(8). Corrupted message files are marked so that the queue manager can move them to the corrupt queue for further inspection.

SECURITY
This program needs a dual personality 1) to access the private Postfix queue and IPC mechanisms, and 2) to execute external commands as the specified user. It is therefore security sensitive.


CONFIGURATION PARAMETERS
The following main.cf parameters are especially relevant to this program. See the Postfix main.cf file for syntax details and for default values. Use the postfix reload command after a configuration change.

Miscellaneous
export_environment
List of names of environment parameters that can be exported to non-Postfix processes.

mail_owner
The process privileges used while not running an external command.

Resource controls
In the text below, transport is the first field in a master.cf entry.

transport_destination_concurrency_limit
Limit the number of parallel deliveries to the same destination, for delivery via the named transport. The default limit is taken from the default_destination_concurrency_limit parameter. The limit is enforced by the Postfix queue manager.

transport_destination_recipient_limit
Limit the number of recipients per message delivery, for delivery via the named transport. The default limit is taken from the default_destination_recipient_limit parameter. The limit is enforced by the Postfix queue manager.

transport_time_limit
Limit the time for delivery to external command, for delivery via the named transport. The default limit is taken from the command_time_limit parameter. The limit is enforced by the pipe delivery agent.


SEE ALSO
bounce(8) non-delivery status reports
master(8) process manager
qmgr(8) queue manager
syslogd(8) system logging

LICENSE
The Secure Mailer license must be distributed with this software.


74_Mail_Services.sxw - 215 


Linux-Kurs Themen - Mail Services - June 14, 2009 Michel Bisson 


What domain to use in outbound mail

The myorigin parameter specifies the domain that appears in mail that is posted on this machine. The default is to use the local machine name, $myhostname, which defaults to the name of the machine. Unless you are running a really small site, you probably want to change that into $mydomain, which defaults to the parent domain of the machine name.

For the sake of consistency between sender and recipient addresses, myorigin also specifies the default domain name that is appended to an unqualified recipient address.

Examples:
myorigin = $myhostname (default)
myorigin = $mydomain (probably desirable)


What domains to receive mail for

The mydestination parameter specifies what domains this machine will deliver locally, instead of forwarding to another machine. The default is to receive mail for the machine itself.

You can specify zero or more domain names, /file/name patterns and/or type:name lookup tables, separated by whitespace and/or commas. A /file/name is replaced by its contents; type:name requests that a table lookup is done. If your machine is a mail server for its entire domain, you must list $mydomain as well.

Examples:
Default setting:
mydestination = $myhostname localhost.$mydomain
Domain-wide mail server:
mydestination = $myhostname localhost.$mydomain $mydomain
Host with multiple DNS A records:
mydestination = $myhostname localhost.$mydomain www.$mydomain ftp.$mydomain

Caution: in order to avoid mail delivery loops, you must list all hostnames of the machine, including $myhostname, and localhost.$mydomain.

What clients to relay mail for

By default, Postfix will relay mail for clients in authorized networks. Authorized client networks are defined by the mynetworks parameter. The default is to authorize all clients in the IP subnetworks that the local machine is attached to.
What trouble to report to the postmaster 


You should set up a postmaster alias that points to a human person. This alias is 
required to exist, so that people can report mail delivery problems. 


The Postfix system itself also reports problems to the postmaster alias. You may not be 
interested in all types of trouble reports, so this reporting mechanism is configurable. The 
default is to report only serious problems (resource, software) to postmaster: 


Default: 
notify_classes = resource, software 
The meaning of the classes is as follows:


bounce
Send postmaster copies of undeliverable mail. If mail is undeliverable, a so-called single bounce message is sent, with a copy of the message that was not delivered. For privacy reasons, the postmaster copy of a single bounce message is truncated after the original message headers. If a single bounce message is undeliverable, the postmaster receives a double bounce message with a copy of the entire single bounce message. See also the luser_relay feature.


2bounce 
Send double bounces to the postmaster. 


delay 
Inform the postmaster of delayed mail. In this case, the postmaster receives 
message headers only. 


policy 
Inform the postmaster of client requests that were rejected because of (UCE) 
policy restrictions. The postmaster receives a transcript of the entire SMTP 
session. 


protocol 
Inform the postmaster of protocol errors (client or server side) or attempts by a 
client to execute unimplemented commands. The postmaster receives a 
transcript of the entire SMTP session. 


resource 
Inform the postmaster of mail not delivered due to resource problems (for 
example, queue file write errors). 


software 
Inform the postmaster of mail not delivered due to software problems. 


Proxy/NAT network addresses 


The proxy_interfaces parameter specifies all network addresses that Postfix receives mail on by way of a proxy or network address translation unit. You may specify symbolic hostnames instead of network addresses.


You must specify your proxy/NAT addresses when your system is a backup MX host for 
other domains, otherwise mail delivery loops will happen when the primary MX host is 
down. 


Examples: 
Default: 
proxy_interfaces = 


Host running backup MTA: 
proxy_interfaces = 1.2.3.4 (the proxy/NAT network address) 
My own hostname 


The myhostname parameter describes the fully-qualified domain name of the machine running the Postfix system. $myhostname appears as the default value in many other Postfix configuration parameters.

By default, myhostname is set to the local machine name. If your machine name is not in fully-qualified domain name form, or if you run Postfix on a virtual interface, you will have to specify the fully-qualified domain name that the mail system should use.

Examples:
myhostname = host.local.domain (local hostname is not FQDN)
myhostname = host.virtual.domain (virtual interface)
myhostname = virtual.domain (virtual interface)


My own domain name 


The mydomain parameter specifies the parent domain of $myhostname. By default it is derived from $myhostname by stripping off the first part (unless the result would be a top-level domain).


Examples: 
mydomain = local.domain 
mydomain = virtual.domain (virtual interface) 


My own networks 


The mynetworks parameter lists all networks that this machine somehow trusts. This 
information can be used by the anti-UCE features to recognize trusted SMTP clients that 
are allowed to relay mail through Postfix. 


You can specify the list of trusted networks in the main.cf file, or you can let Postfix deduce the list for you. The default is to let Postfix do the work for you.


Default: 
mynetworks_style = subnet 


The meaning of the styles is as follows: 


class
Trust SMTP clients in the class A/B/C networks that Postfix is connected to. Don't do this with a dialup site - it would cause Postfix to "trust" your entire provider's network. Instead, specify an explicit mynetworks list by hand, as described below.

subnet (default)
Trust SMTP clients in the IP subnetworks that Postfix is connected to.

host
Trust only the local machine.

Alternatively, you can specify the mynetworks list by hand, in which case Postfix ignores the mynetworks_style setting. To specify the list of trusted networks by hand, specify network blocks in CIDR (network/mask) notation, for example:

mynetworks = 168.100.189.0/28, 127.0.0.0/8

You can also specify the absolute pathname of a pattern file instead of listing the patterns in the main.cf file.
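The warning about the class style is worth seeing in numbers. The Python model below is an added example, not Postfix code: it derives the implicit mynetworks list for each mynetworks_style from a constructed interface address, parses the explicit CIDR list from the text, and answers the question permit_mynetworks asks, namely whether a given client address falls inside a trusted block. The names implicit_mynetworks, parse_mynetworks and client_is_trusted are chosen here, the "class" computation is modelled for IPv4 only, and the interface address 10.37.4.9/24 and client addresses are constructed.

```python
import ipaddress

# Added illustration (not Postfix code): how mynetworks_style and an explicit
# mynetworks list decide which clients permit_mynetworks will let relay.
# implicit_mynetworks, parse_mynetworks and client_is_trusted are names
# chosen here; the interface and client addresses below are constructed.


def implicit_mynetworks(interface_addrs, style):
    """Model the list Postfix deduces when mynetworks is not set.
    interface_addrs: "addr/prefixlen" strings, one per interface.
    style: "host", "subnet" (the default) or "class"."""
    nets = []
    for cidr in interface_addrs:
        iface = ipaddress.ip_interface(cidr)
        if style == "host":
            nets.append(ipaddress.ip_network(str(iface.ip)))      # /32 for IPv4
        elif style == "subnet":
            nets.append(iface.network)                            # the configured prefix
        elif style == "class":
            # Classful A/B/C boundary of the address (IPv4 only in this model);
            # on a provider-assigned address this trusts the whole provider block.
            if iface.version != 4:
                raise ValueError("class style modelled for IPv4 only")
            first_octet = int(iface.ip) >> 24
            prefix = 8 if first_octet < 128 else 16 if first_octet < 192 else 24
            nets.append(ipaddress.ip_network((str(iface.ip), prefix), strict=False))
        else:
            raise ValueError("unknown mynetworks_style: " + style)
    return nets


def parse_mynetworks(value):
    """Parse an explicit main.cf value such as
    "168.100.189.0/28, 127.0.0.0/8" (whitespace and/or comma separated)."""
    return [ipaddress.ip_network(tok, strict=False)
            for tok in value.replace(",", " ").split()]


def client_is_trusted(client_ip, networks):
    """permit_mynetworks: true when the client address is inside any block."""
    addr = ipaddress.ip_address(client_ip)
    return any(addr in net for net in networks)


if __name__ == "__main__":
    # Constructed: a dialup/DSL host with one provider-assigned interface.
    iface = ["10.37.4.9/24"]
    stranger = "10.200.1.1"          # another customer of the same provider
    for style in ("host", "subnet", "class"):
        nets = implicit_mynetworks(iface, style)
        print(style, [str(n) for n in nets], "stranger trusted:",
              client_is_trusted(stranger, nets))
    explicit = parse_mynetworks("168.100.189.0/28, 127.0.0.0/8")
    print("explicit list:", client_is_trusted("168.100.189.5", explicit),
          client_is_trusted("168.100.189.20", explicit))
```

With the class style the interface 10.37.4.9/24 turns into 10.0.0.0/8, so the unrelated client 10.200.1.1 is trusted to relay; with the default subnet style only 10.37.4.0/24 is, and with host only the machine itself. The explicit list shows why the /28 matters: 168.100.189.5 is inside it, 168.100.189.20 is not.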


My own network addresses 


The inet_interfaces parameter specifies all network interface addresses that the Postfix system should listen on; mail addressed to user@[network address] will be delivered locally, as if it is addressed to a domain listed in $mydestination.

The default is to listen on all active interfaces. If you run mailers on virtual interfaces, you will have to specify what interfaces to listen on.

You even have to specify explicit machine interfaces for the non-virtual mailer that receives mail for the machine itself: the non-virtual mailer should never listen on the virtual interfaces or you would have a mailer loop.

Examples:

Default:
inet_interfaces = all

Host running virtual mailers:
inet_interfaces = virtual.host.tld (virtual domain)
inet_interfaces = $myhostname localhost.$mydomain (non-virtual mailer)

Note: you need to stop and start Postfix when this parameter changes.
Postfix Configuration - UCE Controls


Introduction 


Postfix offers a variety of parameters that limit the delivery of unsolicited commercial email 
(UCE). 


By default, the Postfix SMTP server will accept mail only from or to the local network or 
domain, or to domains that are hosted by Postfix, so that your system can't be used as a 
mail relay to forward bulk mail from random strangers. 


The text in this document describes how you can set up more detailed anti-UCE policies 
that prevent delivery of unwanted email altogether, for example with sendmail-style 
access lists or with RBL (real-time blackhole list) name servers. 


Unless indicated otherwise, all parameters described here are in the main.cf file. If you change parameters of a running Postfix system, don't forget to issue a postfix reload command.


Header filtering 

Body filtering 

Client hostname/address restrictions 
Require HELO (EHLO) command 
HELO (EHLO) hostname restrictions 
Require strict RFC 821-style envelope addresses 
Sender address restrictions 
Recipient address restrictions 

ETRN command restrictions 
Generic restrictions 

Additional UCE control parameters 


Header filtering 


The header_checks parameter restricts what is allowed in message headers. Patterns 
are applied to entire logical message headers, even when a header spans multiple lines of 
text. 


By default, the same header_checks patterns are used for primary message headers, 
for MIME headers (including headers at the start of multipart body parts), and for the 
headers at the beginning of attached email messages. 


Default: 
Allow anything in message headers. 
Syntax:


Specify a list of zero or more lookup tables. Whenever a header matches a table, the 
action depends on the lookup result: 


REJECT 

REJECT text... 
Reject the message, log the header and the optional text, and send the optional 
text to the originator. 

IGNORE 
Delete the header from the message. 

WARN 

WARN text... 
Log (but do not reject) the header with a warning, and log the optional text. 

HOLD 

HOLD text... 
Place the message on the hold queue. Mail on hold can be inspected with the 
postcat command, and can be destroyed or taken off hold with the postsuper 
command. The optional text is logged together with the matched text. 

DISCARD 

DISCARD text... 
Claim successful delivery and silently discard the message. The optional text is 
logged together with the matched text. 

FILTER transport:nexthop 
After the message is queued, send the entire message through a content filter. 
This requires different cleanup servers before and after the filter, with 
header/body checks turned off in the second cleanup server. More details about 
content filtering are in the Postfix FILTER README file. This feature overrides 
the main.cf content_filter setting. 


At present, specifying a header pattern with OK serves no useful purpose. A rule 
ending in OK affects only the header being matched. The next header may still result 
in a REJECT match, causing the mail still to be rejected. 


Examples (main.cf):
header_checks = regexp:/etc/postfix/header_checks
header_checks = pcre:/etc/postfix/header_checks

Example (header_checks):
/^to: *friend@public\.com$/ REJECT
Body filtering

The body_checks parameter restricts what text is allowed in message body lines.


Note: the message body is matched one line at a time. There is no multi-line concept as 
with message headers. 


Default: 
Allow anything in message body lines. 


Syntax: 
Specify a list of zero or more lookup tables. Whenever a body line matches a table, 


the action depends on the lookup result: 


REJECT 

REJECT text... 
Reject the message, log the body line and the optional text, and send the 
optional text to the originator. 

WARN 

WARN text... 
Log (but do not reject) the body line with a warning, and log the optional text. 

IGNORE 
Delete the matched line from the message. 

HOLD 

HOLD text... 
Place the message on the hold queue. Mail on hold can be inspected with the 
postcat command, and can be destroyed or taken off hold with the postsuper 
command. The optional text is logged together with the matched text. 

DISCARD 

DISCARD text... 
Claim successful delivery and silently discard the message. The optional text is 
logged together with the matched text. 

FILTER transport:nexthop 
After the message is queued, send the entire message through a content filter. 
This requires different cleanup servers before and after the filter, with 
header/body checks turned off in the second cleanup server. More details about 
content filtering are in the Postfix FILTER_README file. This feature overrides 
the main.cf content_filter setting. 


At present, specifying a pattern with OK serves no useful purpose. A rule ending in 
OK affects only the line being matched. The next line may still result in a REJECT 
match, causing the mail still to be rejected. 


Examples (main.cf):
body_checks = regexp:/etc/postfix/body_checks
body_checks = pcre:/etc/postfix/body_checks
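The two sections above differ in one point that decides whether a rule fires: header_checks patterns see a whole logical header even when it is folded over several lines, body_checks patterns see one body line at a time. The Python evaluator below is an added example, not Postfix code, and serves both sections: it parses regexp:-style tables (case-insensitive by default, as Postfix regexp tables are, with the i flag toggling that), unfolds headers, applies REJECT, IGNORE, WARN, HOLD, DISCARD and FILTER with first-match-wins semantics, and shows that an OK on one header does not protect the next header from a REJECT. The names parse_table, logical_headers, first_match and check_message are chosen here; the tables and the two messages are constructed.

```python
import re

# Added illustration (not Postfix code): a small evaluator for regexp:-style
# header_checks and body_checks tables. parse_table, logical_headers,
# first_match and check_message are names chosen here; the tables and
# messages are constructed.

RULE = re.compile(r"^/((?:\\/|[^/])*)/([A-Za-z]*)\s+(\S+)(?:\s+(.*))?$")
STOP_ACTIONS = ("REJECT", "HOLD", "DISCARD", "FILTER")


def parse_table(text):
    """Parse "/pattern/flags ACTION [text]" lines. Like Postfix regexp tables,
    matching is case-insensitive unless the i flag toggles it off."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        m = RULE.match(line)
        if not m:
            raise ValueError("unparsable rule: " + line)
        pattern, flagchars, action, info = m.groups()
        re_flags = 0 if "i" in flagchars else re.IGNORECASE
        rules.append((re.compile(pattern, re_flags), action.upper(), info or ""))
    return rules


def first_match(rules, text):
    """Postfix semantics: the first matching rule in the table wins."""
    for regex, action, info in rules:
        if regex.search(text):
            return action, info
    return None, ""


def logical_headers(message):
    """Split a message into logical headers and body. A continuation line
    (leading SP/HTAB) is kept with its header, newline included, so a header
    pattern sees the whole folded header as one string."""
    head, _, body = message.partition("\n\n")
    headers = []
    for line in head.split("\n"):
        if line[:1] in (" ", "\t") and headers:
            headers[-1] += "\n" + line
        else:
            headers.append(line)
    return headers, body


def check_message(header_rules, body_rules, message):
    """Return (action, info, kept_message, log). Headers are matched as logical
    headers, body text one line at a time. REJECT/HOLD/DISCARD/FILTER stop
    the scan; IGNORE drops the matched header or line; WARN is logged; OK
    only ends the lookup for the header or line at hand."""
    log = []
    headers, body = logical_headers(message)
    kept_headers, kept_body = [], []
    for unit, rules, keep in ((headers, header_rules, kept_headers),
                              (body.split("\n"), body_rules, kept_body)):
        for item in unit:
            action, info = first_match(rules, item)
            if action in STOP_ACTIONS:
                log.append(f"{action} {info}: {item!r}")
                return action, info, None, log
            if action == "IGNORE":
                continue
            if action == "WARN":
                log.append(f"WARN {info}: {item!r}")
            keep.append(item)
    kept = "\n".join(kept_headers) + "\n\n" + "\n".join(kept_body)
    return None, "", kept, log


HEADER_TABLE = r"""
# OK ends the lookup for this header only; later headers are still checked
/^from: .*@trusted\.example$/   OK
/^subject: .*make money\s+fast/ REJECT Spam detected
/^x-mailer: bulkblaster/        IGNORE
"""

BODY_TABLE = r"""
/make money\s+fast/ REJECT Spam detected
/^click here/       WARN suspicious link
"""

# Constructed messages. SPAM folds "make money / fast" across two physical
# lines of one Subject header; HAM has the same words on two separate body
# lines, which body_checks (one line at a time) cannot match.
SPAM = "From: boss@trusted.example\nSubject: make money\n fast\n\nhello\n"
HAM = ("From: pierre@localhost\nX-Mailer: BulkBlaster 1.0\n"
       "Subject: einfacher test\n\nmake money\nfast\nclick here\n")


if __name__ == "__main__":
    hdr, body = parse_table(HEADER_TABLE), parse_table(BODY_TABLE)
    print(check_message(hdr, body, SPAM)[:2])      # ('REJECT', 'Spam detected')
    accepted = check_message(hdr, body, HAM)
    print(accepted[0], accepted[3])                # None ['WARN suspicious link: ...']
```

SPAM is rejected although its From: header matched the OK rule first, because the folded Subject: header is matched as one string. HAM is accepted: its X-Mailer header is silently removed by IGNORE, the "click here" body line is only logged by WARN, and the split "make money" / "fast" lines never match the body rule.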
Client hostname/address restrictions


The smtpd_client_restrictions parameter restricts what clients this system accepts 
SMTP connections from. 


By default, this restriction is applied when the client sends the RCPT TO command. In order to have the restriction take effect as soon as possible, specify smtpd_delay_reject = no in the Postfix main.cf configuration file. Doing so may cause unexpected results with poorly implemented client software.


Default: 
smtpd_client_restrictions = 


Allow SMTP connections from any client. 

Syntax: 
Specify a list of zero or more restrictions, separated by whitespace or commas. 
Restrictions are applied in the order as specified; the first restriction that matches 
wins. 


In addition to restrictions that are specific to the client hostname or IP address, you 
may list here any restrictions based on the information passed with the 


HELO/EHLO command, on the sender address or on the recipient address. The 
HELO/EHLO, sender or recipient restrictions take effect only if smtpd_delay_reject 
= yes so that all restrictions are evaluated after the RCPT TO command. 


Examples:
smtpd_client_restrictions = hash:/etc/postfix/access,
    reject_rbl_client relays.mail-abuse.org (paid service)
smtpd_client_restrictions = hash:/etc/postfix/access,
    reject_rbl_client relays.ordb.org (free service)
smtpd_client_restrictions = hash:/etc/postfix/access,
    reject_rhsbl_client dsn.rfc-ignorant.org (free service)
smtpd_client_restrictions = permit_mynetworks,
    reject_unknown_client

Note: the DNS blocklists named in these examples are historical; relays.ordb.org and dsn.rfc-ignorant.org have since been shut down. Check that any list you configure is still maintained: a retired list that starts answering every query positively makes the server reject all incoming mail.


Restrictions: 


reject_unknown_client 
Reject the request when the client IP address has no PTR (address to name) 
record in the DNS, or when the PTR record does not have a matching A (name 
to address) record. The unknown_client_reject_code parameter specifies 
the response code to rejected requests (default: 450). 


permit_mynetworks
Permit the request when the client IP address matches any network listed in $mynetworks.

reject_rbl_client domain.tld
Reject the request when the reversed client network address is listed with an A record under domain.tld. The maps_rbl_reject_code parameter specifies the response code for rejected requests (default: 554), the default_rbl_reply parameter specifies the default server reply, and the rbl_reply_maps parameter specifies tables with server replies indexed by RBL domain.
reject_rhsbl_client domain.tld
Reject the request when the client hostname is listed with an A record under domain.tld. See above for additional RBL related configuration parameters.

check_client_access maptype:mapname
Search the named access database for the client hostname, parent domains, client IP address, or networks obtained by stripping least significant octets.

permit
defer
reject
warn_if_reject
reject_unauth_pipelining
See generic restrictions.


Require HELO (EHLO) command 


The smtpd_helo_required parameter determines if clients must send a HELO (or 
EHLO) command at the beginning of an SMTP session. 
Requiring this will stop some UCE software. 


Default: 
smtpd_helo_required = no 


By default, the Postfix SMTP server does not require the use of HELO (EHLO). 


Syntax:
Specify yes or no.


Example: 


smtpd_helo_required = yes 
HELO (EHLO) hostname restrictions


The smtpd_helo_restrictions parameter restricts what hostnames clients may send 
with the HELO (EHLO) command. Some UCE software can be stopped by being strict here. 


By default, this restriction is applied when the client sends the RCPT TO command. In order to have the restriction take effect as soon as possible, specify smtpd_delay_reject = no in the Postfix main.cf configuration file. Doing so may cause unexpected results with poorly implemented client software.


Default: 
smtpd_helo_restrictions = 


By default, the Postfix SMTP server accepts any garbage in the HELO (EHLO) 
command. There is a lot of broken or misconfigured software on the Internet. 


Syntax: 
Specify a list of zero or more restrictions, separated by whitespace or commas. 


Restrictions are applied in the order as specified; the first restriction that matches 
wins. 


In addition to restrictions that are specific to HELO (EHLO) command parameters, you may list here any restrictions on the client hostname, client address, sender address or recipient address. The sender or recipient restrictions take effect only if smtpd_delay_reject = yes so that all restrictions are evaluated after the RCPT TO command.


Example: 


smtpd_helo_restrictions = permit_mynetworks, reject_invalid_hostname 
Restrictions: 


reject_invalid_hostname 
Reject the request when the client HELO or EHLO parameter has a bad 
hostname syntax. The invalid_hostname_reject_code specifies the 
response code to rejected requests (default: 501). 


reject_unknown_hostname
Reject the request when the hostname in the client HELO (EHLO) command has no DNS A or MX record. The unknown_hostname_reject_code specifies the response code to rejected requests (default: 450).


reject_non_fqdn_hostname 
Reject the request when the hostname in the client HELO (EHLO) command is 
not in fully-qualified domain form, as required by the RFC. The 
non_fqdn_reject_code specifies the response code to rejected requests 
(default: 504). 
check_helo_access maptype:mapname
Search the named access database for the HELO hostname or parent domains.

permit
defer
reject
warn_if_reject
reject_unauth_pipelining
See generic restrictions.


Require strict RFC 821-style envelope addresses 

The strict_rfc821_envelopes parameter controls how tolerant Postfix is with respect 
to addresses given in MAIL FROM or RCPT TO commands. Unfortunately, the widely-used 
Sendmail program tolerates lots of non-standard behavior, so a lot of software expects to 
get away with it. Being strict to the RFC not only stops unwanted mail, it also blocks 
legitimate mail from poorly-written mail applications. 


Default: 
strict_rfc821_envelopes = no 


By default, the Postfix SMTP server accepts any address form that it can make sense 
of, including address forms that contain RFC 822-style comments, or addresses not 
enclosed in <>. There is a lot of broken or misconfigured software out there on the 
Internet. 


Example:
strict_rfc821_envelopes = yes
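The HELO hostname restrictions above and the strict_rfc821_envelopes switch are both syntax decisions the SMTP server takes before it looks at any policy, so it helps to see exactly which inputs each one rejects. The Python model below is an added example, not Postfix code: check_helo applies reject_invalid_hostname, reject_non_fqdn_hostname and reject_unknown_hostname in that order (cheap syntax checks before a DNS lookup) and returns the response codes the text gives as defaults, and parse_envelope_address extracts the address from a MAIL FROM or RCPT TO argument in strict and in tolerant mode. Both names are chosen here; KNOWN_HOSTS is a constructed stand-in for DNS A/MX lookups; treating an address literal such as [192.0.2.1] as acceptable to the FQDN check is an assumption of this model; ESMTP parameters after the address are not modelled.

```python
import re

# Added illustration (not Postfix code): the syntax checks behind
# reject_invalid_hostname / reject_non_fqdn_hostname / reject_unknown_hostname,
# and what strict_rfc821_envelopes changes in MAIL FROM / RCPT TO parsing.
# check_helo and parse_envelope_address are names chosen here; KNOWN_HOSTS
# stands in for DNS A/MX lookups and is constructed.

LABEL = r"[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
HOSTNAME = re.compile(rf"^{LABEL}(?:\.{LABEL})*\.?$")
ADDRESS_LITERAL = re.compile(r"^\[(?:\d{1,3}\.){3}\d{1,3}\]$")
STRICT_ENVELOPE = re.compile(r"^<([^<>\s()]*)>$")

KNOWN_HOSTS = {"mail.example.org", "example.org"}   # names with an A or MX record


def check_helo(helo_arg, known_hosts=KNOWN_HOSTS):
    """Evaluate the three HELO hostname restrictions, syntax checks first.
    Returns (smtp_code, restriction); (250, None) when nothing fires."""
    if ADDRESS_LITERAL.match(helo_arg):
        # [1.2.3.4]: assumed here to satisfy the FQDN requirement, since
        # RFC 2821 allows an address literal as the HELO argument
        return 250, None
    if not helo_arg or not HOSTNAME.match(helo_arg):
        return 501, "reject_invalid_hostname"        # invalid_hostname_reject_code
    if "." not in helo_arg.rstrip("."):
        return 504, "reject_non_fqdn_hostname"       # non_fqdn_reject_code
    if helo_arg.rstrip(".").lower() not in known_hosts:
        return 450, "reject_unknown_hostname"        # unknown_hostname_reject_code
    return 250, None


def parse_envelope_address(arg, strict):
    """Extract the address from a MAIL FROM: / RCPT TO: argument.
    strict=True (strict_rfc821_envelopes = yes) requires <...> and refuses
    RFC 822 comments; strict=False models the tolerant default.
    Returns the address, "" for the null sender <>, or None on a syntax error."""
    arg = arg.strip()
    m = STRICT_ENVELOPE.match(arg)
    if m:
        return m.group(1)
    if strict:
        return None
    # tolerant mode: drop (comments) and optional <>, keep what is left
    bare = re.sub(r"\([^)]*\)", " ", arg).strip()
    bare = bare.strip("<>").strip()
    return bare if "<" not in bare and ">" not in bare else None


if __name__ == "__main__":
    for helo in ("mail.example.org", "localhost", "bad_host!", "nx.example.org",
                 "[192.0.2.1]"):
        print(f"HELO {helo!r:20} -> {check_helo(helo)}")
    for strict in (False, True):
        print("strict" if strict else "tolerant",
              parse_envelope_address("pierre@localhost.linux.local (Pierre Burri)", strict))
```

Run as a script it prints the restriction that fires for each HELO argument and shows that the comment-bearing sender from the mail example earlier on this page is accepted in tolerant mode but refused under strict_rfc821_envelopes = yes.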


Sender address restrictions 


The smtpd_sender_restrictions parameter restricts what sender addresses this 
system accepts in MAIL FROM commands. 

By default, this restriction is applied when the client sends the RCPT TO command. In order to have the restriction take effect as soon as possible, specify smtpd_delay_reject = no in the Postfix main.cf configuration file. Doing so may cause unexpected results with poorly implemented client software.


Default: 
smtpd_sender_restrictions = 
By default, the Postfix SMTP server accepts any sender address. 


Syntax: 
Specify a list of zero or more restrictions, separated by whitespace or commas. 


Restrictions are applied in the order as specified; the first restriction that matches wins. In addition to restrictions that are specific to sender mail addresses, you can also specify restrictions based on the information passed with the HELO/EHLO command, on the client hostname or network address, or on the recipient address. The recipient restrictions take effect only if smtpd_delay_reject = yes so that all restrictions are evaluated after the RCPT TO command.


Example: 
smtpd_sender_restrictions = hash:/etc/postfix/access, 
reject_unknown_sender_domain 
Restrictions: 


reject_unknown_sender_domain 
Reject the request when the sender mail address has no DNS A or MX record. 
The unknown_address_reject_code parameter specifies the response code for rejected requests (default: 450). The response is always 450 in case of a temporary DNS error.


reject_rhsbl_sender domain.tld
Reject the request when the sender mail address domain is listed with an A record under domain.tld. The maps_rbl_reject_code parameter specifies the response code for rejected requests (default: 554), the default_rbl_reply parameter specifies the default server reply, and the rbl_reply_maps parameter specifies tables with server replies indexed by RBL domain.

check_sender_access maptype:mapname
Search the named access database for the sender mail address, sender domain and parent domain, or localpart@.

reject_non_fqdn_sender
Reject the request when the address in the client MAIL FROM command is not in fully-qualified domain form. The non_fqdn_reject_code specifies the response code to rejected requests (default: 504).

reject_sender_login_mismatch
Reject the request when $smtpd_sender_login_maps specifies an owner for the MAIL FROM address, but the client is not (SASL) logged in as that MAIL FROM address owner; or when the client is (SASL) logged in, but the client login name doesn't own the MAIL FROM address according to $smtpd_sender_login_maps.

permit
defer
reject
warn_if_reject
reject_unauth_pipelining
See generic restrictions.
Recipient address restrictions


The smtpd_recipient_restrictions parameter restricts what recipient addresses 
this system accepts in RCPT TO commands. 


Default: 
smtpd_recipient_restrictions = permit_mynetworks, 
reject_unauth_destination 


By default, the Postfix SMTP server relays mail:

- from trusted clients whose IP address matches $mynetworks to any destination,
- from untrusted clients to destinations that match $relay_domains or a subdomain thereof, except for addresses that contain sender-specified routing (user@elsewhere@domain).

In addition to the above, the Postfix SMTP server by default accepts mail for which Postfix is the final destination:

- to destinations that match $inet_interfaces,
- to destinations that match $mydestination,
- to destinations that match $virtual_alias_domains,
- to destinations that match $virtual_mailbox_domains.


Syntax: 
Specify a list of zero or more restrictions, separated by whitespace or commas. 


Restrictions are applied in the order as specified; the first restriction that matches 
wins. 


In addition to restrictions that are specific to recipient mail addresses, you can also specify restrictions based on the sender mail address, on the information passed with the HELO/EHLO command, and on the client hostname or network address.


Example: 


smtpd_recipient_restrictions = permit_mynetworks, 
reject_unauth_destination 


Note: you must specify at least one of the following restrictions: reject, defer, defer_if_permit, or reject_unauth_destination. Postfix will refuse to receive mail otherwise.


Restrictions:
permit_auth_destination
Permit the request when one of the following is true:

- the resolved destination address matches $relay_domains or a subdomain thereof, and the address contains no sender-specified routing (user@elsewhere@domain),
- Postfix is the final destination: any destination that matches $mydestination, $inet_interfaces, $virtual_alias_domains, or $virtual_mailbox_domains.
reject_unauth_destination
Reject the request unless one of the following is true:

- the resolved destination address matches $relay_domains or a subdomain thereof, and the address contains no sender-specified routing (user@elsewhere@domain),
- Postfix is the final destination: any destination that matches $mydestination, $inet_interfaces, $virtual_alias_domains, or $virtual_mailbox_domains.

The relay_domains_reject_code parameter specifies the response code for rejected requests (default: 554).


permit_mx_backup 
Permit the request when the local mail system is MX host for the resolved 
destination. This includes the case that the local mail system is the final 
destination. However, the SMTP server will not forward mail with addresses that 
have sender-specified routing information 
(example: user@elsewhere@domain), 


Use the optional permit_mx_backup_networks parameter to also require 
that the primary MX hosts match a list of network blocks. 


Relevant configuration parameters: permit_mx_backup_networks, $mydestination, $inet_interfaces.


check_recipient_access maptype:mapname
Search the named access database for the resolved destination address, recipient domain or parent domain, or localpart@.

check_recipient_maps
Reject the request when the recipient address is not listed in one of the following lookup tables:

Recipient domain matches                 Recipient lookup table
$mydestination or $inet_interfaces       $local_recipient_maps
$virtual_alias_domains                   $virtual_alias_maps
$virtual_mailbox_domains                 $virtual_mailbox_maps
$relay_domains                           $relay_recipient_maps

Note 1: a null $local_recipient_maps or $relay_recipient_maps setting means that no recipient check is done for the corresponding domains.

Note 2: Postfix applies an implicit check_recipient_maps restriction at the end of all recipient restrictions.
reject_unknown_recipient_domain
Reject the request when the recipient mail address has no DNS A or MX record.
The unknown_address_reject_code parameter specifies the response
code for rejected requests (default: 450). The response is always 450 in case
of a temporary DNS error.


reject_rhsbl_recipient domain.tld
Reject the request when the recipient mail address domain is listed with an A
record under domain.tld. The maps_rbl_reject_code parameter
specifies the response code for rejected requests (default: 554), the
default_rbl_reply parameter specifies the default server reply, and the
rbl_reply_maps parameter specifies tables with server replies indexed by
RBL domain.


reject_non_fqdn_recipient 
Reject the request when the address in the client RCPT TO command is not in 
fully-qualified domain form. The non_fqdn_reject_code specifies the 
response code to rejected requests (default: 504). 


permit 

defer 

reject 

warn_if_reject 

reject_unauth_pipelining 
See generic restrictions. 
ETRN command restrictions


Not really a UCE restriction, the smtpd_etrn_restrictions parameter restricts what
domains can be specified in ETRN commands, and what clients can issue ETRN
commands.


Default: 
smtpd_etrn_restrictions = 


By default, the Postfix SMTP server accepts any ETRN command from any client. 


Syntax: 
Specify a list of zero or more restrictions, separated by whitespace or commas. 
Restrictions are applied in the order as specified; the first restriction that matches 
wins. 


In addition to restrictions that are specific to ETRN domain names, you can also
specify restrictions based on the information passed with the HELO/EHLO command,
and on the client hostname or network address.


Example: 

smtpd_etrn_restrictions = permit_mynetworks, 
hash:/etc/postfix/etrn_access, reject 

Restrictions: 


check_etrn_access maptype:mapname
Search the named access database for the domain specified in the ETRN
command, or its parent domains. Reject the request if the result is REJECT
text... or "[45]XX text". Permit the request if the result is OK or RELAY or
all-numerical. Otherwise, treat the result as another list of UCE restrictions. The
access_map_reject_code parameter specifies the result code for rejected
requests (default: 554).


permit 

defer 

reject 

warn_if_reject 

reject_unauth_pipelining 
See generic restrictions. 
Generic restrictions


The following restrictions can be used for client hostnames or addresses, for HELO
(EHLO) hostnames, for sender mail addresses and for recipient mail addresses.


Restrictions: 


permit 
Permit the request. This restriction is useful at the end of a restriction list, to 
make the default policy explicit. 


defer 
Defer the request. The client is told to try again later. This restriction is useful at 
the end of a restriction list, to make the default policy explicit. 


reject
Reject the request. This restriction is useful at the end of a restriction list, to
make the default policy explicit. The reject_code configuration parameter
specifies the response code to rejected requests (default: 554).


warn_if_reject 
Change the meaning of the next restriction, so that it logs a warning instead of 
rejecting a request (look for logfile records that contain "reject_warning"). 
This is useful for testing new restrictions in a "live" environment without risking 
unnecessary loss of mail. 


reject_unauth_pipelining 
Reject the request when the client sends SMTP commands ahead of time 
without knowing that Postfix actually supports SMTP command pipelining. 
This stops mail from bulk mail software that improperly uses SMTP command 
pipelining to speed up deliveries. 


Additional UCE control parameters 


default_rbl_reply 
The default reply template that is used when an SMTP client request is blocked by a 
reject_rbl or reject_rhsbl restriction. The reply template is subjected to 
exactly one level of $name macro substitution as described below. The 
smtpd_expansion_filter configuration parameter specifies the set of characters 
that are allowed in $name macro expansions. Characters outside the allowed set are 
replaced by "_". 

Default:
default_rbl_reply = $rbl_code Service unavailable;
$rbl_class [$rbl_what] blocked using $rbl_domain${rbl_reason?; $rbl_reason}


Instead of the form $name you can also specify ${name} or $(name).
Macro expansion syntax:
$client
The client hostname and IP address, formatted as name[address].
$client_name
The client hostname, or unknown.
$client_address
The client IP address.
$helo_name
The hostname given in the HELO or EHLO command, or the empty string
when no HELO or EHLO command was given.
$sender
The sender address, or <> in case of the null address.
$sender_name
The sender address localpart, or <> in case of the null address.
$sender_domain
The sender address domain, or the empty string when no domain is
available.
$recipient
The recipient address, or <> in case of the null address.
$recipient_name
The recipient address localpart, or <> in case of the null address.
$recipient_domain
The recipient address domain, or the empty string when no domain is
available.
$rbl_what
The blacklisted entity: an IP address, a hostname, a domain name, or an
email address whose domain is blacklisted.
$rbl_domain
The RBL domain where $rbl_what is blacklisted with an A record.
$rbl_reason
The reason why $rbl_what is blacklisted, or the empty string when no
information is available.
$rbl_class
The blacklisted entity type: Client host, Helo command, Sender address,
or Recipient address.
$rbl_code
The numerical server reply code, as specified with the
maps_rbl_reject_code configuration parameter (default: 554).
All other text
Copied without change, with the exception of conditional macro expansion
as described below.


Conditional macro expansion syntax: 


${name?text}
expands to text if $name is not empty.

${name:text}
expands to text if $name is empty.
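The substitution rules for default_rbl_reply and rbl_reply_maps templates, worked through as an added example (not Postfix code): a small implementation of $name, ${name}, $(name) and the two conditional forms, applied to the default template above with constructed macro values. The allowed-character set standing in for smtpd_expansion_filter, the RBL domain and the client address are assumptions.

```python
import re

# The default_rbl_reply template exactly as this page gives it.
DEFAULT_RBL_REPLY = ("$rbl_code Service unavailable; $rbl_class [$rbl_what] "
                     "blocked using $rbl_domain${rbl_reason?; $rbl_reason}")

# Characters allowed in a $name expansion. Postfix takes this set from
# smtpd_expansion_filter; the printable-ASCII set used here is an assumption
# standing in for that parameter's real value.
EXPANSION_FILTER = set(chr(c) for c in range(0x20, 0x7f)) | {"\t"}

MACRO_NAME = re.compile(r"[A-Za-z0-9_]+")


def filter_value(value, allowed=EXPANSION_FILTER):
    """Replace every character outside the allowed set by "_".
    This is what keeps a CR/LF inside RBL TXT data from splitting the SMTP
    reply into a second, attacker-chosen line."""
    return "".join(ch if ch in allowed else "_" for ch in value)


def expand(template, values, allowed=EXPANSION_FILTER):
    """Expand $name, ${name}, $(name), ${name?text} and ${name:text}.

    Macro values receive exactly one level of substitution: text a value
    contains is copied, never re-scanned for macros. The "text" part of a
    conditional is template text and therefore is expanded.
    """
    out = []
    i, n = 0, len(template)
    while i < n:
        if template[i] != "$":
            out.append(template[i])
            i += 1
            continue
        i += 1                                   # skip the "$"
        if i < n and template[i] in "{(":
            open_ch = template[i]
            close_ch = "}" if open_ch == "{" else ")"
            depth, j = 1, i + 1
            while j < n and depth:               # find the matching close
                if template[j] == open_ch:
                    depth += 1
                elif template[j] == close_ch:
                    depth -= 1
                j += 1
            inner, i = template[i + 1:j - 1], j
            m = re.match(r"([A-Za-z0-9_]+)([?:])?(.*)", inner, re.S)
            if m is None:
                continue                         # malformed: drop it
            name, op, text = m.groups()
            value = values.get(name, "")
            if op is None:
                out.append(filter_value(value, allowed))
            elif (op == "?") == bool(value):     # "?" wants non-empty, ":" wants empty
                out.append(expand(text, values, allowed))
        else:
            m = MACRO_NAME.match(template, i)
            if m is None:
                out.append("$")                  # a lone "$" is literal
                continue
            i = m.end()
            out.append(filter_value(values.get(m.group(0), ""), allowed))
    return "".join(out)


def blocked_reply(values, template=DEFAULT_RBL_REPLY):
    """Render the reply an SMTP client sees when a reject_rbl/rhsbl hits."""
    return expand(template, values)


# Constructed sample of the macro values Postfix would have after a client
# address was found in an RBL (domain and address are placeholders).
SAMPLE_BLOCK = {
    "rbl_code": "554",
    "rbl_class": "Client host",
    "rbl_what": "192.0.2.10",
    "rbl_domain": "rbl.example.invalid",
    "rbl_reason": "listed as a dynamic address",
}

if __name__ == "__main__":
    print(blocked_reply(SAMPLE_BLOCK))
    print(blocked_reply({**SAMPLE_BLOCK, "rbl_reason": ""}))
    # A reason containing a line break cannot forge a second reply line:
    print(blocked_reply({**SAMPLE_BLOCK, "rbl_reason": "x\r\n250 OK"}))
```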
permit_mx_backup_networks
Restrict the use of the permit_mx_backup relay control feature to destinations
whose primary MX hosts match a list of network blocks.


Default: 
permit_mx_backup_networks = 


That is, all networks are authorized by default. 
Syntax: 
Specify a list of network blocks in CIDR (network/mask) notation, 
for example: 
permit_mx_backup_networks = 168.100.0.0/16 
You can also specify the absolute pathname of a pattern file instead of
listing the patterns in the main.cf file.


rbl_reply_maps 
This parameter specifies lookup tables with RBL reply templates indexed by RBL domain 
name. If no template is found, the default_rbl_reply template is used instead. 
Default: 
rbl_reply_maps = 
By default, Postfix always uses the default_rbl_reply template. 
Syntax:
Specify zero or more type:name lookup tables, separated by whitespace
and/or commas. For the syntax of the template reply strings, see the
default_rbl_reply parameter description.


relay_domains
This parameter controls the behavior of the reject_unauth_destination and
permit_auth_destination restrictions that can appear as part of a recipient
address restriction list.


Default: 
relay_domains = $mydestination 


By default, the Postfix SMTP server relays mail: 


- from trusted clients whose IP address matches $mynetworks,

- from untrusted clients to destinations that match $relay_domains or a
subdomain thereof, except for addresses that contain sender-specified
routing (user@elsewhere@domain).


Syntax:
Specify zero or more domain names, /file/name patterns and/or
type:name lookup tables, separated by whitespace and/or commas.
A /file/name is replaced by its contents; type:name requests that table
lookup is done instead of string comparison.
A host or destination address matches $relay_domains when its name or
parent domain matches any of the names, files or lookup tables listed in
$relay_domains.
smtpd_sender_login_maps
This parameter specifies ownership of MAIL FROM addresses, as used by the
reject_sender_login_mismatch sender address restriction.


Default: 
smtpd_sender_login_maps = 


Syntax: 
Specify zero or more type:name lookup tables, separated by whitespace and/or 
commas. The maps are searched in the specified order. Regexp tables are 
allowed. 


Each map entry specifies a sender address and the login name that owns the 
address. The search order is: 


user@domain owner 
This form has the highest precedence. 


user owner 


This matches user@site when site is equal to $myorigin, when site is
listed in $mydestination, or when it is listed in $inet_interfaces.


@domain owner 


This matches every address in the specified domain, and has the lowest 
precedence. 
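The three-level search order above, as an added example (not Postfix code): a lookup that applies the precedence to a constructed smtpd_sender_login_maps table, plus a simplified ownership check modelled on how reject_sender_login_mismatch uses the result. The check's semantics, the table contents and the site parameters are this example's assumptions, not text from the page.

```python
def sender_owners(sender, login_map, myorigin, mydestination=(), inet_interfaces=()):
    """Return the login name(s) that own a MAIL FROM address, or [] if none.

    login_map is a constructed stand-in for the smtpd_sender_login_maps
    tables. Keys follow the three forms the page lists and are tried in
    order of precedence: user@domain, then user (only when the domain is
    $myorigin or listed in $mydestination / $inet_interfaces), then @domain.
    The value is split so that a list of owners works as well as one name.
    """
    user, at, site = sender.lower().rpartition("@")
    if not at:
        return []
    local_sites = ({myorigin.lower()} | {d.lower() for d in mydestination}
                   | {d.lower() for d in inet_interfaces})
    candidates = [f"{user}@{site}"]
    if site in local_sites:
        candidates.append(user)
    candidates.append(f"@{site}")
    for key in candidates:
        if key in login_map:
            return login_map[key].replace(",", " ").split()
    return []


def sender_login_mismatch(sender, login, login_map, **site_params):
    """Simplified model (an assumption of this example) of what
    reject_sender_login_mismatch decides from the table result.
    login is the SASL login name, or None when the client did not log in."""
    owners = sender_owners(sender, login_map, **site_params)
    if login is None:
        return bool(owners)          # owned address used by an anonymous client
    return login not in owners       # logged in, but not as an owner


# Constructed table and site parameters for the demonstration.
LOGIN_MAP = {
    "pierre@example.com": "pierre",        # user@domain: highest precedence
    "martin": "martin",                    # user: only for local sites
    "@shop.example.com": "shop, martin",   # @domain: lowest precedence
}
SITE = dict(myorigin="example.com",
            mydestination=("mail.example.com", "localhost.example.com"),
            inet_interfaces=("localhost",))

if __name__ == "__main__":
    for sender, login in [("pierre@example.com", "pierre"),
                          ("pierre@example.com", "martin"),
                          ("martin@mail.example.com", "martin"),
                          ("anyone@shop.example.com", "martin"),
                          ("martin@other.org", None)]:
        verdict = sender_login_mismatch(sender, login, LOGIN_MAP, **SITE)
        print(f"{sender:28} login={login!s:8} {'mismatch' if verdict else 'ok'}")
```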
Postfix Configuration - Address Manipulation


Introduction 


Although the initial Postfix release has no address rewriting language, it can do quite a bit 
of address manipulation via table lookup. While a message flows through the Postfix 
system, its addresses are mangled in the order described in this document. 


Unless indicated otherwise, all parameters described here are in the main.cf file. If you 
change parameters of a running Postfix system, don't forget to issue a postfix reload 
command. 


All mail: 
Rewrite addresses to standard form 
Canonical address mapping 
Address masquerading 
Virtual address mapping 
Mail transport switch 
Relocated users table 

Local delivery: 
Alias database 
Per-user .forward files 
Non-existent users 


Rewrite addresses to standard form 


Before the cleanup daemon runs an address through any lookup table, it first rewrites
the address to the standard user@fully.qualified.domain form, by sending the
address to the trivial-rewrite daemon. The purpose of rewriting to standard form is
to reduce the number of entries needed in lookup tables. The Postfix trivial-rewrite
program implements the following hard-coded address manipulations:


Rewrite @hosta,@hostb:user@site to user@site
The source route feature has been deprecated. Postfix has no ability to handle such 
addresses, other than to strip off the source route. 


Rewrite site!user to user@site
This feature is controlled by the boolean swap_bangpath parameter (default: yes). 
The purpose is to rewrite UUCP-style addresses to domain style. This is useful only 
when you receive mail via UUCP, but it probably does not hurt otherwise. 


Rewrite user%domain to user@domain
This feature is controlled by the boolean allow_percent_hack parameter
(default: yes). Typically, this is used in order to deal with monstrosities such as
user%domain@otherdomain.
Rewrite user to user@$myorigin
This feature is controlled by the boolean append_at_myorigin parameter
(default: yes). The purpose is to get consistent treatment of user on every machine in
$myorigin.


You probably should never turn off this feature, because a lot of Postfix components 
expect that all addresses have the form user@domain. 


If your machine is not the main machine for $myorigin and you wish to have some
users delivered locally without going via that main machine, make an entry in the
virtual table that redirects user@$myorigin to user@$myhostname.


Rewrite user@host to user@host.$mydomain
This feature is controlled by the boolean append_dot_mydomain parameter 
(default: yes). The purpose is to get consistent treatment of different forms of the 
same hostname. 


Some will argue that rewriting host to host.$mydomain is bad. That is why it can
be turned off. Others like the convenience of having the local domain appended
automatically.


Rewrite user@site. to user@site (without the trailing dot). 
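The hard-coded manipulations listed above, as an added example model (not Postfix's trivial-rewrite code): each rule applied in the order the page gives, with the controlling booleans as keyword arguments. The $myorigin/$mydomain values and the sample addresses are constructed placeholders.

```python
def rewrite_to_standard_form(address, myorigin, mydomain, *,
                             swap_bangpath=True, allow_percent_hack=True,
                             append_at_myorigin=True, append_dot_mydomain=True):
    """Bring one address into user@fully.qualified.domain form.

    The rules are applied in the order this page lists them; the keyword
    arguments mirror the main.cf booleans that control each rule.
    """
    addr = address.strip()

    # 1. @hosta,@hostb:user@site -> user@site. Postfix cannot use a source
    #    route, so everything up to and including the ":" is dropped.
    if addr.startswith("@") and ":" in addr:
        addr = addr.split(":", 1)[1]

    # 2. Forms without an "@": bang path, percent hack, or a bare user name.
    if "@" not in addr:
        if swap_bangpath and "!" in addr:
            # site!user -> user@site. The leftmost host (the next UUCP hop)
            # becomes the domain; anything after the first "!" stays local.
            site, user = addr.split("!", 1)
            addr = f"{user}@{site}"
        elif allow_percent_hack and "%" in addr:
            # user%domain -> user@domain, splitting at the rightmost "%".
            user, _, domain = addr.rpartition("%")
            addr = f"{user}@{domain}"
        elif append_at_myorigin:
            # user -> user@$myorigin
            addr = f"{addr}@{myorigin}"

    # 3. Domain part clean-up, keyed on the rightmost "@".
    if "@" in addr:
        local, domain = addr.rsplit("@", 1)
        if (append_dot_mydomain and domain and "." not in domain
                and not domain.startswith("[")):
            # user@host -> user@host.$mydomain; never for an [ip.literal].
            domain = f"{domain}.{mydomain}"
        if len(domain) > 1 and domain.endswith(".") and domain[-2] != ".":
            # user@site. -> user@site (a lone "@." or ".." is left alone).
            domain = domain[:-1]
        addr = f"{local}@{domain}"
    return addr


# Constructed sample inputs, one per rule; the domains are placeholders.
SAMPLES = [
    "@hosta,@hostb:pierre@mail.example.com",
    "mail.example.com!pierre",
    "pierre%mail.example.com",
    "pierre",
    "pierre@mail",
    "pierre@mail.example.com.",
    "pierre@[192.0.2.1]",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        result = rewrite_to_standard_form(sample, myorigin="example.com",
                                          mydomain="example.com")
        print(f"{sample:40} -> {result}")
```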


Canonical address mapping 


Before the cleanup daemon stores inbound mail into the incoming queue, it uses the
canonical table to rewrite all addresses in message envelopes and in message
headers, local or remote. The mapping is useful to replace login names by
Firstname.Lastname style addresses, or to clean up invalid domains in mail addresses
produced by legacy mail systems.


Canonical mapping is disabled by default. To enable, edit the canonical_maps
parameter in the main.cf file and specify one or more lookup tables, separated by
whitespace or commas. For example:


canonical_maps = hash:/etc/postfix/canonical


In addition to the canonical maps which are applied to both sender and recipient
addresses, you can specify canonical maps that are applied only to sender addresses or
to recipient addresses. For example:


sender_canonical_maps = hash:/etc/postfix/sender_canonical 
recipient_canonical_maps = hash:/etc/postfix/recipient_canonical 


The sender and recipient canonical maps are applied before the common canonical maps. 


Sender-specific rewriting is useful when you want to rewrite ugly sender addresses to
pretty ones, and still want to be able to send mail to those ugly addresses without
creating a mailer loop.
Address masquerading


Address masquerading is a method to hide all hosts inside a domain behind their mail 
gateway, and to make it appear as if the mail comes from the gateway itself, instead of 
from individual machines. 


Address masquerading is disabled by default. To enable, edit the masquerade_domains
parameter in the main.cf file and specify one or more domain names separated by
whitespace or commas. The list is processed left to right, and processing stops at the first
match. Thus,


masquerade_domains = foo.example.com example.com 


strips any.thing.foo.example.com to foo.example.com, but strips
any.thing.else.example.com to example.com.


A domain name prefixed with ! means do not masquerade this domain or its subdomains. 
Thus, 


masquerade_domains = !foo.example.com example.com 


does not change any.thing.foo.example.com and foo.example.com, but strips 
any.thing.else.example.com to example.com. 


The masquerade_exceptions configuration parameter specifies what user names 
should not be subjected to address masquerading. Specify one or more user names 
separated by whitespace or commas. For example, 


masquerade_exceptions = root 


By default, Postfix makes no exceptions. 


Subtle point: by default, address masquerading is applied only to message headers and to 
envelope sender addresses, but not to envelope recipients. This allows you to use address 
masquerading on a mail gateway machine, while still being able to forward mail from 
outside to users on individual machines. 


In order to subject envelope recipient addresses to masquerading, too, specify (only 
available with Postfix versions after 20010802): 


masquerade_classes = envelope_sender, envelope_recipient, 
header_sender, header_recipient 


If you do this, Postfix will no longer be able to send mail to individual machines. 
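The masquerade_domains, masquerade_exceptions and masquerade_classes behaviour described above, as an added example (not Postfix code), using the page's foo.example.com / example.com lists on a constructed sample message. The message layout (a dict with one key per address class) is this example's own.

```python
# Default masquerade_classes as stated on the page: envelope recipients are
# left alone so that mail from outside can still reach individual machines.
DEFAULT_MASQUERADE_CLASSES = ("envelope_sender", "header_sender", "header_recipient")


def masquerade_domain(domain, masquerade_domains):
    """Return the domain after masquerade_domains processing.

    The list is processed left to right and the first match wins; an entry
    prefixed with "!" exempts that domain and its subdomains.
    """
    d = domain.lower()
    for entry in masquerade_domains:
        exempt = entry.startswith("!")
        name = entry.lstrip("!").lower()
        if d == name or d.endswith("." + name):
            return d if exempt else name       # first match decides either way
    return d


def masquerade_address(address, masquerade_domains, masquerade_exceptions=()):
    """Masquerade one address unless its user name is in masquerade_exceptions."""
    local, at, domain = address.rpartition("@")
    if not at or local in masquerade_exceptions:
        return address
    return f"{local}@{masquerade_domain(domain, masquerade_domains)}"


def masquerade_message(msg, masquerade_domains, masquerade_exceptions=(),
                       masquerade_classes=DEFAULT_MASQUERADE_CLASSES):
    """Apply masquerading to the address classes named in masquerade_classes.

    msg is a constructed dict: envelope_sender (str), envelope_recipient
    (list), header_sender (str, the From: address), header_recipient (list).
    """
    def fix(addr):
        return masquerade_address(addr, masquerade_domains, masquerade_exceptions)

    out = dict(msg)
    for cls in masquerade_classes:
        value = out[cls]
        out[cls] = [fix(a) for a in value] if isinstance(value, list) else fix(value)
    return out


# Constructed sample message from a host inside the masqueraded domain.
SAMPLE_MSG = {
    "envelope_sender": "pierre@any.thing.else.example.com",
    "envelope_recipient": ["martin@any.thing.foo.example.com"],
    "header_sender": "root@any.thing.else.example.com",
    "header_recipient": ["martin@any.thing.foo.example.com"],
}

ALL_CLASSES = ("envelope_sender", "envelope_recipient",
               "header_sender", "header_recipient")

if __name__ == "__main__":
    domains = ["foo.example.com", "example.com"]
    print(masquerade_message(SAMPLE_MSG, domains, masquerade_exceptions=("root",)))
    # With all four classes the envelope recipient is rewritten as well,
    # which is why the page warns that individual machines become unreachable.
    print(masquerade_message(SAMPLE_MSG, domains, masquerade_classes=ALL_CLASSES))
```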
Virtual address aliasing


After applying the canonical and masquerade mappings, the cleanup daemon uses the
virtual alias table to redirect mail for all recipients, local or remote. The mapping
affects only envelope recipients; it has no effect on message headers or envelope
senders. Virtual alias lookups are useful to redirect mail for simulated virtual domains to
real user mailboxes, and to redirect mail for domains that no longer exist. Virtual alias
lookups can also be used to transform Firstname.Lastname back into UNIX login
names, although it seems that local aliases are a more appropriate vehicle.


Virtual aliasing is disabled by default. To enable, edit the virtual_alias_maps
parameter in the main.cf file and specify one or more lookup tables, separated by
whitespace or commas. For example:


virtual_alias_maps = hash:/etc/postfix/virtual


Addresses found in virtual alias maps are subjected to another iteration of virtual aliasing,
but are not subjected to canonical mapping, in order to avoid loops.


Mail transport switch


Once the address rewriting and resolving daemon has established the destination of a 
message, it determines the default delivery method for that destination. Postfix 
distinguishes four major address classes, each with its own default delivery method. 


Destination matches                 Default delivery       Controlling parameter
$mydestination or $inet_interfaces  local                  $local_transport
$virtual_mailbox_domains            virtual                $virtual_transport
$relay_domains                      relay (clone of smtp)  $relay_transport
none                                smtp                   $default_transport


The optional transport table overrides the default message delivery method (this table 
is used by the address rewriting and resolving daemon). The transport table can be used 
to send mail to specific sites via UUCP, or to send mail to a really broken mail system that 
can handle only one SMTP connection at a time (yes, such systems exist and people used 
to pay real money for them). 


Transport table lookups are disabled by default. To enable, edit the transport_maps 
parameter in the main.cf file and specify one or more lookup tables, separated by 
whitespace or commas. For example: 


transport_maps = hash:/etc/postfix/transport 


Relocated users table 


Next, the address rewriting and resolving daemon runs each recipient name through the 
relocated database. This table provides information on how to reach users that no 
longer have an account, or what to do with mail for entire domains that no longer exist. 
When mail is sent to an address that is listed in this table, the message is bounced with an 
informative message. 
Lookups of relocated users are disabled by default. To enable, edit the relocated_maps
parameter in the main.cf file and specify one or more lookup tables, separated by
whitespace or commas. For example:


relocated_maps = hash:/etc/postfix/relocated 


Alias database 


When mail is to be delivered locally, the local delivery agent runs each local recipient
name through the aliases database. The mapping does not affect addresses in
message headers. Local aliases are typically used to implement distribution lists, or to
direct mail for standard aliases such as postmaster to real people. The table can also be
used to map Firstname.Lastname addresses to login names.


Alias lookups are enabled by default. The default configuration depends on the system
environment, but it is typically one of the following:


alias_maps = hash:/etc/aliases
alias_maps = dbm:/etc/aliases, nis:mail.aliases


The path to the alias database file is controlled via the alias_database configuration
parameter. The value is system dependent. Usually it is one of the following:


alias_database = hash:/etc/aliases (4.4BSD, LINUX)
alias_database = dbm:/etc/aliases (4.3BSD, SYSV<4)
alias_database = dbm:/etc/mail/aliases (SYSV4)


For security reasons, deliveries to command and file destinations are performed with the
rights of the alias database owner. A default userid, default_privs, is used for
deliveries to commands/files in root-owned aliases.


Per-user .forward files


Users can control their own mail delivery by specifying destinations in a file called
.forward in their home directories. The syntax of these files is the same as with system
aliases, except that the lookup key and colon are not present.


Non-existent users 


When the local delivery agent finds that a message recipient does not exist, the message
is normally bounced to the sender ("user unknown"). Sometimes it is desirable to forward
mail for non-existing recipients to another machine. For this purpose you can specify an
alternative destination with the luser_relay configuration parameter.

Alternatively, mail for non-existent recipients can be delegated to an entirely different 
message transport, as specified with the fallback_transport configuration 
parameter. For details, see the local delivery agent. 


Note: if you use the luser_relay feature in order to receive mail for non-UNIX 
accounts, then you must specify: 


local_recipient_maps = 


(i.e. empty) in the main.cf file, otherwise the Postfix SMTP server will reject mail for
non-UNIX accounts with "User unknown in local recipient table".
luser_relay can specify one address. It is subjected to $name expansions. The most
useful examples are:


$user@other.host
The bare username, without address extension, is prepended to @other.host.
For example, mail for username+foo is sent to username@other.host.


$mailbox@other.host
The entire original recipient localpart, including address extension, is prepended to
@other.host.
For example, mail for username+foo is sent to username+foo@other.host.


sysadmin+$user
The bare username, without address extension, is appended to sysadmin. 
For example, mail for username+foo is sent to sysadmin+username. 


sysadmin+$mailbox
The entire original recipient localpart, including address extension, is appended to
sysadmin.
For example, mail for username+foo is sent to sysadmin+username+foo.
Mail Statistics with 'AWStats'


AWStats is a statistics program that generates web pages displaying statistics based on
web logs, FTP logs or mail logs. It is written in Perl and can be run as a CGI or as a
standalone command (normally as a cron job).


The following instructions concern only running AWStats as a standalone
program. Since SuSE doesn't provide AWStats on their installation CDs/DVD, this
installation example was made on Debian Sarge.


Installing awstats


- Run the command
apt-get install awstats
The help files are located in /usr/share/doc/awstats/html


- Create two subdirectories of the web site (script output) called
awstats-icon and cgi-bin, e.g.
mkdir /home/www/mydomain.com/mailstats/awstats-icon
mkdir /home/www/mydomain.com/mailstats/cgi-bin


- Copy the main script (awstats.pl) to the /websitePath/cgi-bin, e.g.
cp /usr/lib/cgi-bin/awstats.pl \
/home/www/mydomain.com/mailstats/cgi-bin/


Configuring awstats


The main configuration file is:
/etc/awstats/awstats.conf


It is the default config file. If another config file is preferred then the command
line needs to include the following parameter:

e.g. .... -config=mail

which will tell awstats.pl to use the configuration file:
/etc/awstats/awstats.mail.conf


Setting AWStats for Mail Statistics

You must set up AWStats to use a mail log file preprocessor (maillogconvert.pl
is provided in the AWStats tools directory, but you can use the one of your choice).
For this, copy the config file "awstats.model.conf" to "awstats.mail.conf".
Modify this new config file: for standard Postfix, Sendmail, MDaemon and standard
QMail logfiles, set

LogFile="perl /path/to/maillogconvert.pl standard < /pathtomaillog/maillog |" 

If the logfiles are compressed, they can be processed this way 


LogFile="gzip -cd /var/log/maillog.0.gz|/path/to/maillogconvert.pl standard |" 


Then, whatever your mail server is, you must also change:
SiteDomain="mydomain.com"
Lang="de" (only if German language is desired)


LogType=M 

LogFormat="%time2 %email %email_r %host %host_r %method %url %code %bytesd"
LevelForBrowsersDetection=0 
LevelForOSDetection=0 
LevelForRefererAnalyze=0 
LevelForRobotsDetection=0 
LevelForWormsDetection=0 
LevelForSearchEnginesDetection=0 
LevelForFileTypesDetection=0 
ShowMenu=1 

ShowSummary=HB 
ShowMonthStats=HB 
ShowDaysOfMonthStats=HB 
ShowDaysOfWeekStats=HB 
ShowHoursStats=HB 
ShowDomainsStats=0 
ShowHostsStats=HBL 
ShowAuthenticatedUsers=0 
ShowRobotsStats=0 
ShowEMailSenders=HBML 
ShowEMailReceivers=HBML 
ShowSessionsStats=0 
ShowPagesStats=0 
ShowFileTypesStats=0 
ShowFileSizesStats=0 
ShowBrowsersStats=0 
ShowOSStats=0 
ShowOriginStats=0 
ShowKeyphrasesStats=0 
ShowKeywordsStats=0 
ShowMiscStats=0 
ShowHTTPErrorsStats=0 
ShowSMTPErrorsStats=1 


Running AWStats from the command line:
The command line needs the following format:


perl /path/to/awstats.pl -config=xxxx options 


eg. 

perl /home/www/mydomain.com/mailstats/cgi-bin/awstats.pl \ 
-config=mail \ 
-update \ 
-output > /home/www/mydomain.com/mailstats/index.html 


This command will update (-update) only with the log data not yet processed,
it will use the configuration file /etc/awstats/awstats.mail.conf and will
create the report in html format in:
/home/www/mydomain.com/mailstats/index.html


Configuring Apache for reading the results
Because some of the links placed into this web page run the CGI
awstats.pl, Apache needs to be configured accordingly.


eg. 

<VirtualHost 153.67.246.28> 
ServerName mailstats.mydomain.com 
DocumentRoot /home/www/mydomain.com/mailstats 
<Directory /home/www/mydomain.com/mailstats> 
DirectoryIndex index.html
Allow from all
AuthName "Mail Statistics"
AuthType Basic
AuthUserFile /home/www/mywebsite/auth_users
Require user martin aline
Satisfy all

</Directory> 

<Directory /home/www/mydomain.com/mailstats/cgi-bin> 
AllowOverride None 
Options ExecCGI
SetHandler cgi-script 

</Directory> 

</VirtualHost> 
Using Postfix


A basic guide on configuring and installing the Postfix mail server. 


By Alan P. Laudicina 


Introduction 


Tired of sendmail's cryptic configuration, or do you find yourself complaining about its
speed? Well then, Postfix could be the MTA for you. The Postfix website defines Postfix as
an MTA which "attempts to provide an alternative to the widely-used Sendmail program." If
it's speed and security you're looking for, Postfix is a very strong choice for an MTA.
According to the project's web site, Postfix is up to three times faster than its closest
competitor, boasting the capability to send up to 1,000,000 different messages in a day.
The MTA uses multiple layers of defense to protect the local system against intruders, as
well as having the ability to run in a chroot jail. Installing on most operating systems is a
trivial procedure, although in FreeBSD installation should be done differently to avoid the
overwriting of the binaries when a make world is done. Another way to avoid this is to
use a mail wrapper. (For more information on mail wrappers read the "Mail Wrappers"
heading under the Installation section.)


Configuration 


All of the many configuration parameters can be found in the main.cf file, located in the 
./conf directory in the postfix source. You need not change every parameter, as they 
are set to sensible defaults. Here are the details on some of the more important 
parameters, which will affect the performance of Postfix the most. Please note that if you 
change the main.cf file after installation, you must issue the postfix reload command. 
After installation, the main.cf file can be found in the /etc/postfix directory. 


queue_directory - the location of the Postfix queue as well as the root dir of the 
postfix daemons that run chrooted. This field should be left with the default 
/var/spool/postfix 


daemon_directory - the location of the daemon programs such as smtpd,
pickup, cleanup, etc.


mail_owner - the owner of Postfix's queue and most of the daemon processes. 
For this you must add a user to your machine, this has to be a user that owns no 
other files or processes (so using nobody here is a very bad idea for security 
reasons). 


myorigin - the origin is set to $myhostname by default, which defaults to the local
hostname of the machine. This should not be used unless you are running a very
small site. Most people want to change myorigin to $mydomain which will default
to the parent domain of the machine name
(i.e. if the hostname is lame.unixpower.org and you are using $myhostname,
the origin will be lame.unixpower.org. On the other hand if you were using
$mydomain, the origin will be unixpower.org.)
inet_interfaces - the inet_interfaces parameter defines which network interface
addresses the smtp daemon will listen on. By default this is set to all, which will
listen on any active interface on the machine. This will control the delivery to
users@<IP>.


mydestination - this parameter specifies the list of domains that the machine
considers itself. The default of $myhostname and localhost.$mydomain should
do here. Don't specify the virtual domains that are hosted on the machine here!


mailbox_command - this parameter defines the external command to use instead 
of local mailbox delivery. It is a completely optional parameter. If you're interested in 
having procmail to do your mail, this is where you set it. 


mynetworks - mynetworks specifies a certain list of network addresses that are
local to this machine. The list is used to distinguish users from strangers. The
addresses go in the format of X.X.X.0/X and can be separated by a comma. By
default the list of all of the networks attached to the machine is a complete class A
network (X.0.0.0/8), a complete class B network (X.X.0.0/16), a complete
class C network (X.X.X.0/24), and so on. You can also specify a path of a pattern
file instead of listing the patterns here.


Compilation 


The compilation of Postfix is a very fast and easy task. In BSD, the only thing you will need
to do is go to the main postfix directory and type make. Compiling Postfix is much faster
on my machine than compiling sendmail, taking only a minute and fifty seconds (on a
Pentium II 300 with 160mb of RAM). Sendmail takes approximately a minute more than
compiling Postfix on the same machine.


Installation 


After the configuration and compilation of Postfix, installation is the last step. To install 
Postfix on a BSD machine, you must first move the sendmail binaries so that you can 
replace the files without overwriting them. To do this you can su to root and execute the 
following commands: 


# mv /usr/sbin/sendmail /usr/sbin/sendmail.old 

# mv /usr/bin/mailq /usr/bin/mailq.old 

# mv /usr/bin/newaliases /usr/bin/newaliases.old 

# chmod 755 /usr/sbin/sendmail.old /usr/bin/mailq.old /usr/bin/newaliases.old


Note: After a make world to your BSD system, the Postfix binaries will be replaced with 
sendmail libraries. This makes it a very good idea to not delete the Postfix source tree 
after compilation, so in the future after a make world you can always come back and 
repeat the steps for the installation of the Postfix binaries listed above. 


Mail Wrappers 


Some BSD machines may pack with a mail wrapper. It is used so that you can easily have 
several MTAs installed at the same time. The mail wrapper is not required, but if you plan 
to use it, you should definitely read the mailwrapper(8) and mailer.conf(5) man 
pages. Instead of replacing the sendmail binaries, you could simply setup the 
/etc/mailer.conf (or /etc/mail/mailer.conf) with something like: 


# Emulate sendmail using postfix 


sendmail /usr/libexec/postfix/sendmail 
send-mail /usr/libexec/postfix/sendmail 
mailq /usr/libexec/postfix/sendmail
newaliases /usr/libexec/postfix/sendmail 
After the installation of the Postfix binaries you must create the user that Postfix will run as.
This user is to be named 'postfix' and have a unique user and group id, with a non-existent
shell (so that nobody can login to the account for security reasons); the account does not
require an existing home directory either. To add the account to my machine, I
executed the following commands:


# echo "postfix:*:33333:33333:Postfix Mail Daemon:/nonexistant:/sbin/nologin" \ 
    >> /etc/passwd 
# echo "maildrop:*:33335:" >> /etc/group 


(Before you add the 'postfix' user and the 'maildrop' group, you may want to make 
sure the uid and gid I use are available. To do this, look through the /etc/passwd and 
/etc/group files with a command like more /etc/passwd or more /etc/group. 
You may also use the useradd(8) command.) 
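The availability check suggested above, as an added shell example that is not part of the notes: it reads the third field of passwd- and group-format files and refuses the uid, gid or name if any is already taken. The two sample files are constructed stand-ins for /etc/passwd and /etc/group.

```shell
#!/bin/sh
# Added example (not from the course notes): check that a uid/gid and a name
# are unused before appending passwd/group entries by hand.

# id_in_use FILE ID -> exit 0 if ID appears as the numeric id (field 3) in FILE
id_in_use() {
    awk -F: -v id="$2" '$3 == id { found = 1 } END { exit !found }' "$1"
}

# name_in_use FILE NAME -> exit 0 if NAME is already an account or group name
name_in_use() {
    awk -F: -v n="$2" '$1 == n { found = 1 } END { exit !found }' "$1"
}

# check_ids PASSWD GROUP UID GID NAME -> prints each conflict; exit 0 only if all are free
check_ids() {
    rc=0
    if id_in_use "$1" "$3"; then echo "uid $3 already taken in $1"; rc=1; fi
    if id_in_use "$2" "$4"; then echo "gid $4 already taken in $2"; rc=1; fi
    if name_in_use "$1" "$5"; then echo "user $5 already exists in $1"; rc=1; fi
    if name_in_use "$2" "$5"; then echo "group $5 already exists in $2"; rc=1; fi
    return $rc
}

# Constructed sample files (stand-ins for /etc/passwd and /etc/group)
TMP=$(mktemp -d)
cat > "$TMP/passwd" <<'EOF'
root:*:0:0:Charlie &:/root:/bin/sh
daemon:*:1:1:Owner of many system processes:/root:/usr/sbin/nologin
pierre:*:1001:1001:Pierre:/home/pierre:/bin/sh
EOF
cat > "$TMP/group" <<'EOF'
wheel:*:0:root
daemon:*:1:
pierre:*:1001:
EOF

# The ids used in the notes are free in the sample files
check_ids "$TMP/passwd" "$TMP/group" 33333 33333 postfix && echo "uid/gid 33333 and name postfix are free"
```

Run it against the real files as root (check_ids /etc/passwd /etc/group 33333 33333 postfix) before appending the lines above; a non-zero exit means pick other numbers.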

After you add the user that the mail daemon will run as, it is a good idea to forward all that 
user's email to root. We do this because nobody can log in as the user postfix, so any 
mail it receives would otherwise go unread. Here is how you add the alias: 


# echo "postfix: root" >> /etc/aliases 


Now comes a decision for the person who is installing Postfix from the directions I am 
giving. If a world-writable maildrop is okay with you, you can skip the next section and go 
to the "sh INSTALL.sh" section. If you want to protect the maildrop directory, read the 
following section. 


Protecting your Maildrop directory 


By default, Postfix installs with a world-writable, mode 1733, sticky maildrop directory so that local 
users can submit mail. While this method avoids set-[gu]id software, it is usually a bad 
idea if you have untrusted local users: the world-writable maildrop would allow them 
to fill the maildrop directory with masses of garbage and possibly crash the mail 
system. To avoid this, we will add another unique group, just like the 'postfix' 
group. You can do this with the following command: 


# echo "maildrop:*:33335:" >> /etc/group 


After you add the maildrop group, you can proceed to the next section. 


sh INSTALL.sh 


If you have made it this far, you are ready to start the "real" installation program. You can 
do this by going to the top level directory of the postfix source and executing the following 
command: 


# sh INSTALL.sh 
This will run you through a script that asks for input. The defaults are fine here until you 
get to the "setgid: [no]" option. When you get there, if you followed section 5, 
replace the no by typing "maildrop" and then pressing enter. If you skipped 
section 5 and are installing with an unprotected maildrop directory, then you can just leave 
this at the default "no" option. After this step the "manpages" option should also be left 
at its default selection. 


Replacing sendmail forever 


This document teaches how to replace sendmail for good on a BSD system. To do this we 
need to kill the sendmail daemon and run it once more so that it only sends out the 
messages it may still have queued. To do this, execute the following commands: 


# kill -9 `ps ax | grep '[s]endmail' | awk '{ print $1 }'` 
# /usr/sbin/sendmail.old -q 
# postfix start 


Postfix can be started using the same syntax as sendmail, so it is not necessary to change 
the /etc/rc.conf file. When it first runs, watch the syslog for complaints from Postfix. 
Since we changed the main.cf file previously, you should now have a completely running 
mail daemon. You can find all the configuration files in /etc/postfix. Whenever you modify any of 
these files you must reload the daemon with postfix reload as root. 
Using Whitelisting 


I'm using one of the blacklists to block spam and it's working fine. Now one of our 
customers/partners has got themselves listed, so my mail server is dutifully rejecting their 
messages. Is there a way to allow just their messages but still use the blacklist? 


You can create a whitelist that will accept messages from certain addresses or domains. 
For example: 


main.cf: 

smtpd_recipient_restrictions = 
    permit_mynetworks 
    reject_unauth_destination 
    check_sender_access hash:/etc/postfix/whitelist 
    reject_rbl_client dnsbl.njabl.org 


whitelist: 

@customer-domain.com    OK 


Make sure the whitelist check occurs before the reject_rbl_client check. Remember 
that email addresses are easily faked, so whenever you add whitelisting to your configuration 
be very careful that you don't expose your server to open relaying: make sure that your 
whitelisting occurs after reject_unauth_destination (or another rejection restriction). 
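The ordering rule just stated can be checked mechanically. The following is an added shell example, not part of the notes or of Postfix itself: it pulls the smtpd_recipient_restrictions list out of a main.cf (continuation lines start with whitespace, as Postfix requires) and reports whether a check_sender_access whitelist sits after reject_unauth_destination and before reject_rbl_client. Both sample main.cf files are constructed; the unsafe one is the open-relay ordering the text warns about.

```shell
#!/bin/sh
# Added example (not from the notes or from Postfix): verify the position of a
# sender whitelist inside smtpd_recipient_restrictions.

# restriction_list MAINCF -> the smtpd_recipient_restrictions tokens, one per
# line, in evaluation order
restriction_list() {
    awk '
        /^[ \t]*smtpd_recipient_restrictions[ \t]*=/ {
            sub(/^[^=]*=/, ""); inlist = 1; first = 1
        }
        # a non-indented line ends the parameter value
        inlist && !first && /^[^ \t]/ { inlist = 0 }
        inlist {
            first = 0
            n = split($0, f, /[ \t,]+/)
            for (i = 1; i <= n; i++) if (f[i] != "") print f[i]
        }
    ' "$1"
}

# position LIST NAME -> 1-based index of the first token starting with NAME, 0 if absent
position() {
    printf '%s\n' "$1" | awk -v n="$2" 'p == 0 && index($0, n) == 1 { p = NR } END { print p + 0 }'
}

# check_whitelist_order MAINCF -> prints "ok" or the reason the order is unsafe
check_whitelist_order() {
    list=$(restriction_list "$1")
    wl=$(position "$list" check_sender_access)
    relay=$(position "$list" reject_unauth_destination)
    rbl=$(position "$list" reject_rbl_client)
    if [ "$wl" -eq 0 ]; then echo "no check_sender_access entry"; return 1; fi
    if [ "$relay" -eq 0 ] || [ "$wl" -lt "$relay" ]; then
        echo "unsafe: whitelist is evaluated before reject_unauth_destination (open relay)"
        return 1
    fi
    if [ "$rbl" -ne 0 ] && [ "$wl" -gt "$rbl" ]; then
        echo "ineffective: whitelist comes after reject_rbl_client"
        return 1
    fi
    echo ok
}

# Constructed sample configurations
TMP=$(mktemp -d)
cat > "$TMP/main.cf.good" <<'EOF'
mynetworks = 127.0.0.0/8
smtpd_recipient_restrictions =
    permit_mynetworks
    reject_unauth_destination
    check_sender_access hash:/etc/postfix/whitelist
    reject_rbl_client dnsbl.njabl.org
mydestination = localhost
EOF
cat > "$TMP/main.cf.bad" <<'EOF'
smtpd_recipient_restrictions =
    permit_mynetworks
    check_sender_access hash:/etc/postfix/whitelist
    reject_unauth_destination
    reject_rbl_client dnsbl.njabl.org
EOF

for f in good bad; do
    echo "main.cf.$f: $(check_whitelist_order "$TMP/main.cf.$f")"
done
```

A whitelisted sender is matched on the envelope sender only, which any client can forge, so the check makes the relay decision (reject_unauth_destination) come first and lets the whitelist override only the blacklist that follows it.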


MAILDIR Mailbox configuration: 

Normally the mailbox is /var/mail/username in 'mbox' format. 
To change the mailbox type to Maildir format, do the following: 

- In /etc/postfix/main.cf, make sure the directive 'mailbox_command' is as follows: 
  mailbox_command = procmail -a "$EXTENSION" 

- Add the ~/.procmailrc file with the following content (NOT /etc/procmailrc): 
  MAILDIR=$HOME/Maildir 
  DEFAULT=$MAILDIR/ 

- Add a copy of the file ~/.procmailrc as /etc/skel/.procmailrc 

- Add the additional directory /etc/skel/Maildir/ and the following subdirectories: 
  /etc/skel/Maildir/cur 
  /etc/skel/Maildir/new 
  /etc/skel/Maildir/tmp 

- Create the same structure for each existing user, e.g. 
  /home/username/Maildir/ 
  /home/username/Maildir/cur 
  /home/username/Maildir/new 
  /home/username/Maildir/tmp 
  and give their ownership to the user: 
  chown -R username: /home/username/Maildir/ 

- Add a copy of the file ~/.procmailrc as /home/username/.procmailrc 

- If dovecot-imapd is used, make sure it is configured accordingly in /etc/dovecot/dovecot.conf: 
  protocols = imap 
  mail_location = maildir:~/Maildir 
  maildir_copy_with_hardlinks = yes 

- No special changes are needed for SquirrelMail. 
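The per-user steps above (Maildir with cur/new/tmp, a private .procmailrc, ownership handed to the user) as an added shell example that is not part of the notes. It creates the layout under a constructed home directory, keeps the Maildir and the rc file private to the owner (other local users must not be able to read or inject mail), only runs chown when invoked as root, and verifies the result.

```shell
#!/bin/sh
# Added example (not from the notes): create and verify a user's Maildir layout
# and the two-line ~/.procmailrc that makes procmail deliver into it.

# make_maildir HOMEDIR [OWNER] -> creates HOMEDIR/Maildir/{cur,new,tmp} (mode 700)
# and HOMEDIR/.procmailrc (mode 600); chowns them to OWNER only when run as root
make_maildir() {
    home=$1; owner=$2
    for d in Maildir Maildir/cur Maildir/new Maildir/tmp; do
        mkdir -p "$home/$d" && chmod 700 "$home/$d"
    done
    # procmail delivers in Maildir format when the destination ends in '/'
    cat > "$home/.procmailrc" <<'EOF'
MAILDIR=$HOME/Maildir
DEFAULT=$MAILDIR/
EOF
    chmod 600 "$home/.procmailrc"
    if [ -n "$owner" ] && [ "$(id -u)" -eq 0 ]; then
        chown -R "$owner:" "$home/Maildir" "$home/.procmailrc"
    fi
}

# check_maildir HOMEDIR -> exit 0 if cur/new/tmp exist with mode 700 and the
# .procmailrc delivers to the Maildir
check_maildir() {
    for d in cur new tmp; do
        [ -d "$1/Maildir/$d" ] || return 1
        # the mode string is the first 10 characters of ls -ld output
        [ "$(ls -ld "$1/Maildir/$d" | cut -c1-10)" = "drwx------" ] || return 1
    done
    grep -q '^DEFAULT=\$MAILDIR/$' "$1/.procmailrc"
}

# Constructed home directory standing in for /home/pierre
TMP=$(mktemp -d)
make_maildir "$TMP/pierre"
check_maildir "$TMP/pierre" && echo "Maildir for pierre is ready"
```

For existing accounts run it as root with the real home directory and the login name as the second argument, e.g. make_maildir /home/username username; for /etc/skel omit the owner, since files copied from the skeleton are chowned by useradd.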


Problems with Debian Amavis and ClamAV Daemon 


UPDATE: Since I wrote this HOWTO, I found there is a very simple way to fix the file permission issues 
without performing all the user changes and file ownership changes I have listed below in the original 
HOWTO. The original HOWTO may however still provide insight into other clamd.conf and freshclam.conf 
configuration options. 


One requirement for a successful installation is that 'AllowSupplementaryGroups yes' is included in 
clamd.conf. Another is that the value after CONTSCAN in amavisd.conf matches the 
LocalSocket parameter in clamd.conf (change amavisd.conf if it does not). A third is that 
TCPSocket cannot be used simultaneously with LocalSocket, so TCPSocket must be commented out 
and LocalSocket must be enabled. The group that your amavisd-new user belongs to must also have 
write privileges to the amavisd-new user's home directory and its subdirectories. This step should have been 
done during the installation of amavisd-new, and would consist of something similar to chmod -R 
750 /var/amavis or chmod -R 750 /var/lib/amavis (adjust the path as needed). Once you have ClamAV 
installed, the clamav user and clamav group have been created and the above requirements have 
been met, all you may need to do is make the user "clamav" a member of the same group that the 
amavisd-new user belongs to. Your amavisd-new user likely belongs to the "amavis" or "vscan" group. If 
that is the case you would issue the command: 


gpasswd -a clamav amavis 
(or) 
gpasswd -a clamav vscan (for example) 


You can test that clamav now belongs to both groups by issuing the command "groups clamav". The 
command above may not bring the desired result on some systems, so as an alternative you can directly 
edit /etc/group (use vigr if it's installed and you are familiar with vi commands) and manually add the 
user "clamav" to the "amavis" or "vscan" group: 


amavis:x:104:clamav 
(or) 
vscan:x:999:clamav (for example) 


As a third alternative, you could (for example) possibly use usermod -G amavis clamav, but if you do, 
be very careful that you use an upper case "G" or you will have a mess to fix. Then, of course, stop and 
restart clamd and amavisd (amavisd-new), or simply reboot (if appropriate). Send a test virus through and 
read the log files. I suggest downloading eicar.com.txt, renaming it to eicar.txt and then attaching it to the 
email. Give it a try. If it doesn't work, try the other "change owner and ownership" method outlined in the 
original HOWTO below. Also consider that SELinux or AppArmor may interfere with the way clamd and 
amavisd-new work together. If you use SELinux or AppArmor I leave it up to you to solve that problem. 
This document assumes the reader knows to comment out "@bypass_virus_checks_*" to enable virus 
scanning (and to also uncomment the "ClamAV-clamd" code in the @av_scanners section). One last 
note: in at least one version of the 0.90 release, it can take several minutes for clamd to create the Unix 
socket. If you are using a 0.90 version, please allow several minutes for creation of the clamd socket 
once clamd is started. Better yet, upgrade to the latest version. 
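The requirements of the UPDATE section, checked from a shell. This is an added example, not part of the HOWTO: it reads AllowSupplementaryGroups, LocalSocket and TCPSocket from a clamd.conf, extracts the socket path quoted after "CONTSCAN {}\n" in the @av_scanners entry of an amavisd.conf, and confirms that clamav is a listed member of the amavisd-new group in a group file. All three sample files are constructed; on a real system the paths are /etc/clamav/clamd.conf, /etc/amavis/amavisd.conf and /etc/group.

```shell
#!/bin/sh
# Added example (not from the HOWTO): check the four requirements for clamd
# and amavisd-new sharing one Unix socket.

# conf_value FILE KEY -> value of the first "KEY value" line; a commented
# "#KEY" line does not match, so a commented-out TCPSocket yields nothing
conf_value() {
    awk -v k="$2" '$1 == k { print $2; exit }' "$1"
}

# contscan_socket AMAVISDCONF -> the path quoted right after "CONTSCAN {}\n"
contscan_socket() {
    sed -n 's/.*"CONTSCAN {}\\n"[[:space:]]*,[[:space:]]*"\([^"]*\)".*/\1/p' "$1" | head -n 1
}

# in_group GROUPFILE GROUP USER -> exit 0 if USER is a listed member of GROUP
in_group() {
    awk -F: -v g="$2" -v u="$3" '
        $1 == g { n = split($4, m, ","); for (i = 1; i <= n; i++) if (m[i] == u) ok = 1 }
        END { exit !ok }
    ' "$1"
}

# check_clamd_amavis CLAMDCONF AMAVISDCONF GROUPFILE AMAVISGROUP
#   -> prints one line per unmet requirement; exit 0 only when all four hold
check_clamd_amavis() {
    rc=0
    case "$(conf_value "$1" AllowSupplementaryGroups)" in
        yes|true) ;;
        *) echo "AllowSupplementaryGroups is not enabled in $1"; rc=1 ;;
    esac
    sock=$(conf_value "$1" LocalSocket)
    [ -n "$sock" ] || { echo "LocalSocket is not set in $1"; rc=1; }
    [ -z "$(conf_value "$1" TCPSocket)" ] || { echo "TCPSocket must be commented out when LocalSocket is used"; rc=1; }
    amsock=$(contscan_socket "$2")
    [ "$amsock" = "$sock" ] || { echo "CONTSCAN socket '$amsock' in $2 differs from LocalSocket '$sock'"; rc=1; }
    in_group "$3" "$4" clamav || { echo "user clamav is not a member of group $4"; rc=1; }
    return $rc
}

# Constructed sample files
TMP=$(mktemp -d)
cat > "$TMP/clamd.conf" <<'EOF'
LocalSocket /var/run/clamav/clamd.ctl
#TCPSocket 3310
User clamav
AllowSupplementaryGroups yes
EOF
cat > "$TMP/amavisd.conf" <<'EOF'
['ClamAV-clamd',
  \&ask_daemon, ["CONTSCAN {}\n", "/var/run/clamav/clamd.ctl"],
  qr/\bOK$/, qr/\bFOUND$/,
  qr/^.*?: (?!Infected Archive)(.*) FOUND$/ ],
EOF
cat > "$TMP/group" <<'EOF'
amavis:x:104:clamav
vscan:x:999:
EOF

check_clamd_amavis "$TMP/clamd.conf" "$TMP/amavisd.conf" "$TMP/group" amavis && echo "all requirements met"
```

Pass "vscan" as the last argument on a system where amavisd-new runs in that group; the check then fails until clamav is added to it with gpasswd as shown above.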


And now the original HOWTO: 


It seems many people get frustrated when trying to configure ClamAV to work with amavisd-new. They get 
the ClamAV daemon (clamd) installed via their distro's package maintainer or they download the source and 
install it from there. Part of the frustration comes from the inconsistent placement of files between different 
versions of ClamAV and different versions of binary packages available, but this can be said of nearly any 
program that consists of more than a few files. Partly because of these inconsistencies it becomes difficult 
for anyone to instruct a person on how to configure ClamAV for use with amavisd-new. 


If you have the opportunity, you should install the binary package available for your distribution. Binary 
packages are available for Debian, RedHat Fedora, PLD Linux Distribution, Mandrake, Slackware, FreeBSD, 
OpenBSD, NetBSD and AIX. Installing and configuring ClamAV from source code is somewhat more 
daunting and you will have to come up with a way to start clamd automatically and automate the virus 
definition database updates. I suggest you read through this document, then read the ClamAV 
documentation. 


I suggest running updatedb and then locate clam | more and locate .cvd to find where the 
files are located. If you would like to move some of the data files that ClamAV uses (the ones that are 
referred to in the configuration files) you can create new directories and move the files there, provided you 
also make the changes in the configuration files and change the ownership of the new directories (and the 
files contained therein). 


Almost all the problems with clamd (as it relates to amavisd-new) stem from file permission issues or 
an incorrectly configured LocalSocket. From what I see, when clamd is installed, the "clamav" user that is 
created (either manually or by the installation process) is the only "normal" user that can write to the files that 
the program uses during its operation. Thus, when you install the clamd daemon the first time and you try to 
use it with amavisd-new, you may get "Can't connect to UNIX socket". This is because you are running 
amavisd-new as a different user (probably "amavis" or "vscan" or something) and that user does not have 
permission to write to the file that the two programs use to communicate with each other (the LocalSocket file). 


I imagine you could break all the security that ClamAV has set up and allow anyone to write its files, but I 
don't want to break stuff. One alternative is to set ClamAV up to run under the same user that amavisd-new 
runs under and then hand the ownership of the ClamAV files over to that user. Let's call that user "amavis" 
from now on. Fortunately, the ClamAV developers expected there might be instances where doing this might 
be necessary, so they built the capability into the program. So our somewhat simple task is to change the 
user the program runs under, then change the ownership of the files that it writes to. 


The examples below are from a Debian machine on which I installed clamav-daemon version 0.90.1-1 using 
"apt-get -t unstable install clamav clamav-daemon". Use the following directory names, file names and 
user names only as examples. They are provided to illustrate the concepts; your system may use 
different directories, file names and user names. 


Open up your /etc/clamav/clamd.conf with your favorite editor. 
This is the clamav main configuration file. Look for a line similar to this: 
LocalSocket /var/run/clamav/clamd.ctl 

Make a note of this. 


Now open up your amavisd.conf (mine is /etc/amavis/amavisd.conf) 
and look for the section: 

['Clam Antivirus-clamd', 
  \&ask_daemon, ["CONTSCAN {}\n", "/var/run/clamav/clamd.ctl"], 
  qr/\bOK$/, qr/\bFOUND$/, 
  qr/^.*?: (?!Infected Archive)(.*) FOUND$/ ], 


The socket path shown above must match the LocalSocket parameter you found in 
clamd.conf. 

Edit amavisd.conf to match what you found in clamd.conf if it is different. 

This "clamd.ctl" is the socket file that is shared between the two programs and the reason we 
have problems. 

Now open up the clamd.conf file again (mine is /etc/clamav/clamd.conf). 
Below are the items in the file we are interested in: 

LocalSocket /var/run/clamav/clamd.ctl 
User clamav 
LogFile /var/log/clamav/clamav.log 
PidFile /var/run/clamav/clamd.pid 
DatabaseDirectory /var/lib/clamav/ 


We need to edit this file and change: 
User clamav 

to 

User amavis 


Remember, you may be using a different name for your amavisd-new user. 

Notice, that in my system, there are 3 directories listed above: 

/var/run/clamav 

/var/log/clamav 

/var/lib/clamav 

Now let's change the ownership of the 3 directories shown above (and the files contained 
therein) so "amavis" can write to them. 

Before you do this, be aware that not all installations use a /var/log/clamav directory. 
If your LogFile parameter reads something like LogFile /var/log/clamav.log, 
then you would only change ownership of the FILE, like so: 

chown amavis:amavis /var/log/clamav.log 

This applies any time the ClamAV file(s) we want to change ownership of are not in 
a directory specifically created to hold ClamAV files. 


chown -R amavis:amavis /var/run/clamav 
chown -R amavis:amavis /var/lib/clamav 
and provided you have a separate directory for your log files: 
chown -R amavis:amavis /var/log/clamav 


The virus definition database update program "freshclam" has a configuration file that also 
needs to be modified. 

Mine is called /etc/clamav/freshclam.conf 
Open this file in your editor. The items we are interested in are: 


DatabaseOwner clamav 
UpdateLogFile /var/log/clamav/freshclam.log 


Change the DatabaseOwner to amavis (or whatever your amavis user is named) and 
make a note of the location of the log file. 

As mentioned above, if freshclam.log is not in its own clamav directory then only 
change ownership of the freshclam.log file, not the entire directory. In our case, we 
already changed the ownership of the /var/log/clamav directory and all its 
contents, so we don't have anything more to do here. Your system may differ, so you may need 
to change ownership. 


On my Debian system there are two more files that have to be modified. They are the files 
that control the maintenance of our log files. You will not necessarily have these files on 
your system. Our log files get "rotated" by the "logrotate" program each week and these 
files, if left unchanged, will assign "clamav" as the owner of any new log files it creates. If it 
does this, we will not be able to write to them. Not a good thing. 


These files, on my Debian system are: 

/etc/logrotate.d/clamav-daemon (controls the clamav.log) 
and 
/etc/logrotate.d/clamav-freshclam (controls the freshclam.log) 


The interesting parts of /etc/logrotate.d/clamav-daemon on my system are: 


create 640 clamav adm 
/etc/init.d/clamav-daemon reload > /dev/null 


Edit this file and change: 

create 640 clamav adm 
to 
create 640 amavis adm 


Also shown above is how the clamav-daemon is shutdown and restarted. 
(/etc/init.d/clamav-daemon reload) 
Handy to know. 


We need to do the same thing with /etc/logrotate.d/clamav-freshclam 


create 640 clamav adm 
/etc/init.d/clamav-freshclam reload > /dev/null 


Edit this file and change: 

create 640 clamav adm 
to 
create 640 amavis adm 


We should reload clamd with the command we found above (/etc/init.d/clamav-daemon reload) 
in order for the daemon to read its new configuration. Your system will 
probably differ here. At any rate, you need to stop and restart the clamd process. 


Also do the same for freshclam: (/etc/init.d/clamav-freshclam reload) 

If there are errors in the configuration, it should tell you. 

You will also need to stop and restart (or reload) amavisd-new. 

If this is a new computer you are building (not in production yet), I suggest you simply 
reboot. 
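The logrotate problem described above can be caught before the first weekly rotation. This is an added shell example, not from the HOWTO: it reads the User directive from a clamd.conf and compares it with the owner named on every "create MODE OWNER GROUP" line of the logrotate snippets it is given. The clamd.conf and the two logrotate snippets are constructed; the second snippet still creates logs for "clamav" and is the mistake the text describes.

```shell
#!/bin/sh
# Added example (not from the HOWTO): make sure logrotate will create new
# ClamAV log files for the user clamd actually runs as.

# clamd_user CLAMDCONF -> value of the User directive (empty if unset)
clamd_user() {
    awk '$1 == "User" { print $2; exit }' "$1"
}

# logrotate_owners SNIPPET -> owner field of every "create MODE OWNER GROUP" line
logrotate_owners() {
    awk '$1 == "create" && NF >= 3 { print $3 }' "$1"
}

# check_log_owner CLAMDCONF SNIPPET... -> exit 0 if every create owner equals the
# clamd User; prints one line per mismatch otherwise
check_log_owner() {
    want=$(clamd_user "$1"); shift
    if [ -z "$want" ]; then echo "no User directive in clamd.conf"; return 1; fi
    rc=0
    for f in "$@"; do
        for o in $(logrotate_owners "$f"); do
            if [ "$o" != "$want" ]; then
                echo "$f: new logs would be owned by '$o' but clamd runs as '$want'"
                rc=1
            fi
        done
    done
    return $rc
}

# Constructed sample files
TMP=$(mktemp -d)
cat > "$TMP/clamd.conf" <<'EOF'
LocalSocket /var/run/clamav/clamd.ctl
User amavis
LogFile /var/log/clamav/clamav.log
EOF
cat > "$TMP/lr-good" <<'EOF'
/var/log/clamav/clamav.log {
    weekly
    create 640 amavis adm
}
EOF
cat > "$TMP/lr-bad" <<'EOF'
/var/log/clamav/freshclam.log {
    weekly
    create 640 clamav adm
}
EOF

check_log_owner "$TMP/clamd.conf" "$TMP/lr-good" "$TMP/lr-bad" || echo "fix the create lines reported above before the next rotation"
```

On the Debian system described above the real arguments would be /etc/clamav/clamd.conf /etc/logrotate.d/clamav-daemon /etc/logrotate.d/clamav-freshclam.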


FYI: These are my configuration files in their entirety (version 0.90.1): 


/etc/clamav/clamd.conf: 

LocalSocket /var/run/clamav/clamd.ctl 
FixStaleSocket true 
# user can be clamav if clamav is a member of the amavis group 
User amavis 
AllowSupplementaryGroups true 
ScanMail true 
ScanArchive true 
ArchiveMaxRecursion 5 
ArchiveMaxFiles 1000 
ArchiveMaxFileSize 21M 
ArchiveMaxCompressionRatio 250 
ArchiveLimitMemoryUsage false 
ArchiveBlockEncrypted false 
MaxDirectoryRecursion 15 
FollowDirectorySymlinks false 
FollowFileSymlinks false 
ReadTimeout 180 
MaxThreads 12 
MaxConnectionQueueLength 15 
StreamMaxLength 10M 
LogSyslog false 
LogFacility LOG_LOCAL6 
LogClean false 
LogVerbose false 
PidFile /var/run/clamav/clamd.pid 
DatabaseDirectory /var/lib/clamav 
TemporaryDirectory /tmp 
SelfCheck 3600 
Foreground false 
Debug false 
ScanPE true 
ScanOLE2 true 
ScanHTML true 
DetectBrokenExecutables false 
MailFollowURLs false 
ArchiveBlockMax false 
ExitOnOOM false 
LeaveTemporaryFiles false 
AlgorithmicDetection true 
ScanELF true 
NodalCoreAcceleration false 
IdleTimeout 30 
MailMaxRecursion 64 
PhishingSignatures true 
LogFile /var/log/clamav/clamav.log 
LogTime true 
LogFileUnlock false 
LogFileMaxSize 0 

/etc/clamav/freshclam.conf: 

# owner can be clamav if clamav is a member of the amavis group 
DatabaseOwner amavis 
UpdateLogFile /var/log/clamav/freshclam.log 
LogVerbose false 
LogSyslog false 
LogFacility LOG_LOCAL6 
LogFileMaxSize 0 
Foreground false 
Debug false 
MaxAttempts 5 
DatabaseDirectory /var/lib/clamav/ 
AllowSupplementaryGroups true 
DNSDatabaseInfo current.cvd.clamav.net 
PidFile /var/run/clamav/freshclam.pid 
ConnectTimeout 30 
ReceiveTimeout 30 
ScriptedUpdates yes 
NotifyClamd /etc/clamav/clamd.conf 
DatabaseMirror db.local.clamav.net 
DatabaseMirror database.clamav.net 
DatabaseMirror db.us.clamav.net 


/etc/logrotate.d/clamav-daemon: 

/var/log/clamav/clamav.log { 
    rotate 12 
    weekly 
    compress 
    delaycompress 
    create 640 amavis adm 
    postrotate 
        /etc/init.d/clamav-daemon reload-log > /dev/null 
    endscript 
} 


/etc/logrotate.d/clamav-freshclam: 

/var/log/clamav/freshclam.log { 
    rotate 12 
    weekly 
    compress 
    delaycompress 
    create 640 amavis adm 
    postrotate 
        /etc/init.d/clamav-freshclam reload-log > /dev/null 
    endscript 
} 


The /etc/init.d/clamav-daemon and /etc/init.d/clamav-freshclam startup scripts are specific 
to Debian. 

Michel Bisson 